From bccd4e9e93defda4c7a2100ed8d2234552cc7ef4 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 28 Oct 2021 10:51:49 +0100 Subject: [PATCH 01/70] C++: Add 'getReturnAddress' and 'getReturnAddressOperand' predicates to 'ReturnValueInstruction'. --- .../ir/implementation/aliased_ssa/Instruction.qll | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll index 2fb3edad602..f2cafede5fe 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll @@ -753,11 +753,21 @@ class ReturnValueInstruction extends ReturnInstruction { */ final LoadOperand getReturnValueOperand() { result = getAnOperand() } + /** + * Gets the operand that provides the address of the value being returned by the function. + */ + final AddressOperand getReturnAddressOperand() { result = this.getAnOperand() } + /** * Gets the instruction whose result provides the value being returned by the function, if an * exact definition is available. */ - final Instruction getReturnValue() { result = getReturnValueOperand().getDef() } + final Instruction getReturnValue() { result = this.getReturnValueOperand().getDef() } + + /** + * Gets the instruction whose result provides the address of the value being returned by the function. + */ + final Instruction getReturnAddress() { result = this.getReturnAddressOperand().getDef() } } /** From 13ce2569d7f95bd37b220edad9d430a6bae325c7 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 28 Oct 2021 10:52:00 +0100 Subject: [PATCH 02/70] =?UTF-8?q?C++/C#:=20Sync=20identical=20IR=20files?= =?UTF-8?q?=C2=B7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../code/cpp/ir/implementation/raw/Instruction.qll | 12 +++++++++++- .../ir/implementation/unaliased_ssa/Instruction.qll | 12 +++++++++++- .../ir/implementation/raw/Instruction.qll | 12 +++++++++++- .../ir/implementation/unaliased_ssa/Instruction.qll | 12 +++++++++++- 4 files changed, 44 insertions(+), 4 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll index 2fb3edad602..f2cafede5fe 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll @@ -753,11 +753,21 @@ class ReturnValueInstruction extends ReturnInstruction { */ final LoadOperand getReturnValueOperand() { result = getAnOperand() } + /** + * Gets the operand that provides the address of the value being returned by the function. + */ + final AddressOperand getReturnAddressOperand() { result = this.getAnOperand() } + /** * Gets the instruction whose result provides the value being returned by the function, if an * exact definition is available. */ - final Instruction getReturnValue() { result = getReturnValueOperand().getDef() } + final Instruction getReturnValue() { result = this.getReturnValueOperand().getDef() } + + /** + * Gets the instruction whose result provides the address of the value being returned by the function. + */ + final Instruction getReturnAddress() { result = this.getReturnAddressOperand().getDef() } } /** diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll index 2fb3edad602..f2cafede5fe 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll @@ -753,11 +753,21 @@ class ReturnValueInstruction extends ReturnInstruction { */ final LoadOperand getReturnValueOperand() { result = getAnOperand() } + /** + * Gets the operand that provides the address of the value being returned by the function. + */ + final AddressOperand getReturnAddressOperand() { result = this.getAnOperand() } + /** * Gets the instruction whose result provides the value being returned by the function, if an * exact definition is available. */ - final Instruction getReturnValue() { result = getReturnValueOperand().getDef() } + final Instruction getReturnValue() { result = this.getReturnValueOperand().getDef() } + + /** + * Gets the instruction whose result provides the address of the value being returned by the function. + */ + final Instruction getReturnAddress() { result = this.getReturnAddressOperand().getDef() } } /** diff --git a/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll b/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll index 2fb3edad602..f2cafede5fe 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll @@ -753,11 +753,21 @@ class ReturnValueInstruction extends ReturnInstruction { */ final LoadOperand getReturnValueOperand() { result = getAnOperand() } + /** + * Gets the operand that provides the address of the value being returned by the function. + */ + final AddressOperand getReturnAddressOperand() { result = this.getAnOperand() } + /** * Gets the instruction whose result provides the value being returned by the function, if an * exact definition is available. */ - final Instruction getReturnValue() { result = getReturnValueOperand().getDef() } + final Instruction getReturnValue() { result = this.getReturnValueOperand().getDef() } + + /** + * Gets the instruction whose result provides the address of the value being returned by the function. + */ + final Instruction getReturnAddress() { result = this.getReturnAddressOperand().getDef() } } /** diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll index 2fb3edad602..f2cafede5fe 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll @@ -753,11 +753,21 @@ class ReturnValueInstruction extends ReturnInstruction { */ final LoadOperand getReturnValueOperand() { result = getAnOperand() } + /** + * Gets the operand that provides the address of the value being returned by the function. + */ + final AddressOperand getReturnAddressOperand() { result = this.getAnOperand() } + /** * Gets the instruction whose result provides the value being returned by the function, if an * exact definition is available. */ - final Instruction getReturnValue() { result = getReturnValueOperand().getDef() } + final Instruction getReturnValue() { result = this.getReturnValueOperand().getDef() } + + /** + * Gets the instruction whose result provides the address of the value being returned by the function. + */ + final Instruction getReturnAddress() { result = this.getReturnAddressOperand().getDef() } } /** From 1842fed7a2dbd6d6cfa4582362a2cec757e7a54f Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 20 Oct 2021 15:03:35 +0100 Subject: [PATCH 03/70] C++: Add shared SSA library and instantiate it with the IR. --- .../code/cpp/ir/dataflow/internal/Ssa.qll | 303 +++++++++ .../ir/dataflow/internal/SsaImplCommon.qll | 637 ++++++++++++++++++ .../ir/dataflow/internal/SsaImplSpecific.qll | 64 ++ 3 files changed, 1004 insertions(+) create mode 100644 cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll create mode 100644 cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll create mode 100644 cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplSpecific.qll diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll new file mode 100644 index 00000000000..57ba19f71f0 --- /dev/null +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll @@ -0,0 +1,303 @@ +import SsaImplCommon +import SsaImplSpecific +private import cpp as Cpp +private import semmle.code.cpp.ir.IR +private import DataFlowUtil +private import DataFlowPrivate +private import semmle.code.cpp.models.interfaces.Allocation as Alloc +private import semmle.code.cpp.models.interfaces.DataFlow as DataFlow + +cached +private newtype TDefOrUse = + TExplicitDef(Instruction store) { explicitWrite(_, store, _) } or + TInitializeParam(Instruction instr) { + instr instanceof InitializeParameterInstruction + or + instr instanceof InitializeIndirectionInstruction + } or + TExplicitUse(Operand op) { isExplicitUse(op) } or + TReturnParamIndirection(Operand op) { returnParameterIndirection(op, _) } + +pragma[nomagic] +private int getRank(DefOrUse defOrUse, IRBlock block) { + defOrUse = + rank[result](int i, DefOrUse cand | + block.getInstruction(i) = toInstruction(cand) + | + cand order by i + ) +} + +private class DefOrUse extends TDefOrUse { + /** Gets the instruction associated with this definition, if any. */ + Instruction asDef() { none() } + + /** Gets the operand associated with this use, if any. */ + Operand asUse() { none() } + + /** Gets a textual representation of this element. */ + abstract string toString(); + + /** Gets the block of this definition or use. */ + abstract IRBlock getBlock(); + + /** Holds if this definition or use has rank `rank` in block `block`. */ + cached + final predicate hasRankInBlock(IRBlock block, int rnk) { + block = getBlock() and + rnk = getRank(this, block) + } + + /** + * Holds if this element is at the specified location. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `filepath`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ + abstract predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ); +} + +private Instruction toInstruction(DefOrUse defOrUse) { + result = defOrUse.asDef() + or + result = defOrUse.asUse().getUse() +} + +abstract class Def extends DefOrUse { + Instruction store; + + /** Gets the instruction of this definition. */ + Instruction getInstruction() { result = store } + + /** Gets the variable that is defined by this definition. */ + abstract SourceVariable getVariable(); + + /** Holds if this definition is guaranteed to happen. */ + abstract predicate isCertain(); + + override Instruction asDef() { result = this.getInstruction() } + + override string toString() { result = "Def" } + + override IRBlock getBlock() { result = this.getInstruction().getBlock() } + + override predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + store.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) + } +} + +private class ExplicitDef extends Def, TExplicitDef { + ExplicitDef() { this = TExplicitDef(store) } + + override SourceVariable getVariable() { + exists(VariableInstruction var | + explicitWrite(_, this.getInstruction(), var) and + result.getVariable() = var.getIRVariable() and + not result.isIndirection() + ) + } + + override predicate isCertain() { explicitWrite(true, this.getInstruction(), _) } +} + +private class ParameterDef extends Def, TInitializeParam { + ParameterDef() { this = TInitializeParam(store) } + + override SourceVariable getVariable() { + result.getVariable() = store.(InitializeParameterInstruction).getIRVariable() and + not result.isIndirection() + or + result.getVariable() = store.(InitializeIndirectionInstruction).getIRVariable() and + result.isIndirection() + } + + override predicate isCertain() { any() } +} + +abstract class Use extends DefOrUse { + Operand use; + + override Operand asUse() { result = use } + + /** Gets the underlying operand of this use. */ + Operand getOperand() { result = use } + + override string toString() { result = "Use" } + + /** Gets the variable that is used by this use. */ + abstract SourceVariable getVariable(); + + override IRBlock getBlock() { result = use.getUse().getBlock() } + + override predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + use.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) + } +} + +private class ExplicitUse extends Use, TExplicitUse { + ExplicitUse() { this = TExplicitUse(use) } + + override SourceVariable getVariable() { + exists(VariableInstruction var | + use.getDef() = var and + result.getVariable() = var.getIRVariable() and + ( + if use.getUse() instanceof ReadSideEffectInstruction + then result.isIndirection() + else not result.isIndirection() + ) + ) + } +} + +private class ReturnParameterIndirection extends Use, TReturnParamIndirection { + ReturnParameterIndirection() { this = TReturnParamIndirection(use) } + + override SourceVariable getVariable() { + exists(ReturnIndirectionInstruction ret | + returnParameterIndirection(use, ret) and + result.getVariable() = ret.getIRVariable() and + result.isIndirection() + ) + } +} + +private predicate isExplicitUse(Operand op) { + op.getDef() instanceof VariableAddressInstruction and + not exists(LoadInstruction load | + load.getSourceAddressOperand() = op and + load.getAUse().getUse() instanceof InitializeIndirectionInstruction + ) +} + +private predicate returnParameterIndirection(Operand op, ReturnIndirectionInstruction ret) { + ret.getSourceAddressOperand() = op +} + +/** + * Holds if `iFrom` computes an address that is used by `iTo`. + */ +predicate addressFlow(Instruction iFrom, Instruction iTo) { + iTo.(CopyValueInstruction).getSourceValue() = iFrom + or + iTo.(ConvertInstruction).getUnary() = iFrom + or + iTo.(CheckedConvertOrNullInstruction).getUnary() = iFrom + or + iTo.(InheritanceConversionInstruction).getUnary() = iFrom + or + iTo.(PointerArithmeticInstruction).getLeft() = iFrom + or + iTo.(FieldAddressInstruction).getObjectAddress() = iFrom + or + iTo.(LoadInstruction).getSourceAddress() = iFrom + or + exists(WriteSideEffectInstruction write | + write.getPrimaryInstruction() = iTo and + write.getDestinationAddress() = iFrom + ) +} + +/** + * The reflexive, transitive closure of `addressFlow` that ends as the address of a + * store or read operation. + */ +cached +predicate addressFlowTC(Instruction iFrom, Instruction iTo) { + iTo = [getDestinationAddress(_), getSourceAddress(_)] and + addressFlow*(iFrom, iTo) +} + +/** + * Gets the destination address of `instr` if it is a `StoreInstruction` or + * a `WriteSideEffectInstruction`. The destination address of a `WriteSideEffectInstruction` is adjusted + * in the case of calls to operator `new` to give the destination address of a subsequent store (if any). + */ +Instruction getDestinationAddress(Instruction instr) { + result = + [ + instr.(StoreInstruction).getDestinationAddress(), + instr.(WriteSideEffectInstruction).getDestinationAddress() + ] +} + +class ReferenceToInstruction extends CopyValueInstruction { + ReferenceToInstruction() { + this.getResultType() instanceof Cpp::ReferenceType and + not this.getUnary().getResultType() instanceof Cpp::ReferenceType + } + + Instruction getSourceAddress() { result = getSourceAddressOperand().getDef() } + + Operand getSourceAddressOperand() { result = this.getUnaryOperand() } +} + +/** Gets the source address of `instr` if it is an instruction that behaves like a `LoadInstruction`. */ +Instruction getSourceAddress(Instruction instr) { result = getSourceAddressOperand(instr).getDef() } + +/** + * Gets the operand that represents the source address of `instr` if it is an + * instruction that behaves like a `LoadInstruction`. + */ +Operand getSourceAddressOperand(Instruction instr) { + result = + [ + instr.(LoadInstruction).getSourceAddressOperand(), + instr.(ReadSideEffectInstruction).getArgumentOperand(), + instr.(ReferenceToInstruction).getSourceAddressOperand() + ] +} + +/** + * Gets the source address of `node` if it's an instruction or operand that + * behaves like a `LoadInstruction`. + */ +Instruction getSourceAddressFromNode(Node node) { + result = getSourceAddress(node.asInstruction()) + or + result = getSourceAddress(node.asOperand().(SideEffectOperand).getUse()) +} + +/** Gets the source value of `instr` if it's an instruction that behaves like a `LoadInstruction`. */ +Instruction getSourceValue(Instruction instr) { result = getSourceValueOperand(instr).getDef() } + +/** + * Gets the operand that represents the source value of `instr` if it's an instruction + * that behaves like a `LoadInstruction`. + */ +Operand getSourceValueOperand(Instruction instr) { + result = instr.(LoadInstruction).getSourceValueOperand() + or + result = instr.(ReadSideEffectInstruction).getSideEffectOperand() + or + result = instr.(ReferenceToInstruction).getSourceValueOperand() +} + +/** + * Holds if `instr` is a `StoreInstruction` or a `WriteSideEffectInstruction` that writes to an address. + * The addresses is computed using `address`, and `certain` is `true` if the write is guaranteed to overwrite + * the entire variable. + */ +cached +predicate explicitWrite(boolean certain, Instruction instr, Instruction address) { + exists(StoreInstruction store | + store = instr and addressFlowTC(address, store.getDestinationAddress()) + | + if + addressFlowTC(any(Instruction i | + i instanceof FieldAddressInstruction or i instanceof PointerArithmeticInstruction + ), store.getDestinationAddress()) + then certain = false + else certain = true + ) + or + addressFlowTC(address, instr.(WriteSideEffectInstruction).getDestinationAddress()) and + certain = false +} diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll new file mode 100644 index 00000000000..884f4406d01 --- /dev/null +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll @@ -0,0 +1,637 @@ +/** + * Provides a language-independent implementation of static single assignment + * (SSA) form. + */ + +private import SsaImplSpecific + +private BasicBlock getABasicBlockPredecessor(BasicBlock bb) { getABasicBlockSuccessor(result) = bb } + +/** + * Liveness analysis (based on source variables) to restrict the size of the + * SSA representation. + */ +private module Liveness { + /** + * A classification of variable references into reads (of a given kind) and + * (certain or uncertain) writes. + */ + private newtype TRefKind = + Read(boolean certain) { certain in [false, true] } or + Write(boolean certain) { certain in [false, true] } + + private class RefKind extends TRefKind { + string toString() { + exists(boolean certain | this = Read(certain) and result = "read (" + certain + ")") + or + exists(boolean certain | this = Write(certain) and result = "write (" + certain + ")") + } + + int getOrder() { + this = Read(_) and + result = 0 + or + this = Write(_) and + result = 1 + } + } + + /** + * Holds if the `i`th node of basic block `bb` is a reference to `v` of kind `k`. + */ + private predicate ref(BasicBlock bb, int i, SourceVariable v, RefKind k) { + exists(boolean certain | variableRead(bb, i, v, certain) | k = Read(certain)) + or + exists(boolean certain | variableWrite(bb, i, v, certain) | k = Write(certain)) + } + + private newtype OrderedRefIndex = + MkOrderedRefIndex(int i, int tag) { + exists(RefKind rk | ref(_, i, _, rk) | tag = rk.getOrder()) + } + + private OrderedRefIndex refOrd(BasicBlock bb, int i, SourceVariable v, RefKind k, int ord) { + ref(bb, i, v, k) and + result = MkOrderedRefIndex(i, ord) and + ord = k.getOrder() + } + + /** + * Gets the (1-based) rank of the reference to `v` at the `i`th node of + * basic block `bb`, which has the given reference kind `k`. + * + * Reads are considered before writes when they happen at the same index. + */ + private int refRank(BasicBlock bb, int i, SourceVariable v, RefKind k) { + refOrd(bb, i, v, k, _) = + rank[result](int j, int ord, OrderedRefIndex res | + res = refOrd(bb, j, v, _, ord) + | + res order by j, ord + ) + } + + private int maxRefRank(BasicBlock bb, SourceVariable v) { + result = refRank(bb, _, v, _) and + not result + 1 = refRank(bb, _, v, _) + } + + /** + * Gets the (1-based) rank of the first reference to `v` inside basic block `bb` + * that is either a read or a certain write. + */ + private int firstReadOrCertainWrite(BasicBlock bb, SourceVariable v) { + result = + min(int r, RefKind k | + r = refRank(bb, _, v, k) and + k != Write(false) + | + r + ) + } + + /** + * Holds if source variable `v` is live at the beginning of basic block `bb`. + */ + predicate liveAtEntry(BasicBlock bb, SourceVariable v) { + // The first read or certain write to `v` inside `bb` is a read + refRank(bb, _, v, Read(_)) = firstReadOrCertainWrite(bb, v) + or + // There is no certain write to `v` inside `bb`, but `v` is live at entry + // to a successor basic block of `bb` + not exists(firstReadOrCertainWrite(bb, v)) and + liveAtExit(bb, v) + } + + /** + * Holds if source variable `v` is live at the end of basic block `bb`. + */ + predicate liveAtExit(BasicBlock bb, SourceVariable v) { + liveAtEntry(getABasicBlockSuccessor(bb), v) + } + + /** + * Holds if variable `v` is live in basic block `bb` at index `i`. + * The rank of `i` is `rnk` as defined by `refRank()`. + */ + private predicate liveAtRank(BasicBlock bb, int i, SourceVariable v, int rnk) { + exists(RefKind kind | rnk = refRank(bb, i, v, kind) | + rnk = maxRefRank(bb, v) and + liveAtExit(bb, v) + or + ref(bb, i, v, kind) and + kind = Read(_) + or + exists(RefKind nextKind | + liveAtRank(bb, _, v, rnk + 1) and + rnk + 1 = refRank(bb, _, v, nextKind) and + nextKind != Write(true) + ) + ) + } + + /** + * Holds if variable `v` is live after the (certain or uncertain) write at + * index `i` inside basic block `bb`. + */ + predicate liveAfterWrite(BasicBlock bb, int i, SourceVariable v) { + exists(int rnk | rnk = refRank(bb, i, v, Write(_)) | liveAtRank(bb, i, v, rnk)) + } +} + +private import Liveness + +/** Holds if `bb1` strictly dominates `bb2`. */ +private predicate strictlyDominates(BasicBlock bb1, BasicBlock bb2) { + bb1 = getImmediateBasicBlockDominator+(bb2) +} + +/** Holds if `bb1` dominates a predecessor of `bb2`. */ +private predicate dominatesPredecessor(BasicBlock bb1, BasicBlock bb2) { + exists(BasicBlock pred | pred = getABasicBlockPredecessor(bb2) | + bb1 = pred + or + strictlyDominates(bb1, pred) + ) +} + +/** Holds if `df` is in the dominance frontier of `bb`. */ +private predicate inDominanceFrontier(BasicBlock bb, BasicBlock df) { + dominatesPredecessor(bb, df) and + not strictlyDominates(bb, df) +} + +/** + * Holds if `bb` is in the dominance frontier of a block containing a + * definition of `v`. + */ +pragma[noinline] +private predicate inDefDominanceFrontier(BasicBlock bb, SourceVariable v) { + exists(BasicBlock defbb, Definition def | + def.definesAt(v, defbb, _) and + inDominanceFrontier(defbb, bb) + ) +} + +cached +newtype TDefinition = + TWriteDef(SourceVariable v, BasicBlock bb, int i) { + variableWrite(bb, i, v, _) and + liveAfterWrite(bb, i, v) + } or + TPhiNode(SourceVariable v, BasicBlock bb) { + inDefDominanceFrontier(bb, v) and + liveAtEntry(bb, v) + } + +private module SsaDefReaches { + newtype TSsaRefKind = + SsaRead() or + SsaDef() + + /** + * A classification of SSA variable references into reads and definitions. + */ + class SsaRefKind extends TSsaRefKind { + string toString() { + this = SsaRead() and + result = "SsaRead" + or + this = SsaDef() and + result = "SsaDef" + } + + int getOrder() { + this = SsaRead() and + result = 0 + or + this = SsaDef() and + result = 1 + } + } + + /** + * Holds if the `i`th node of basic block `bb` is a reference to `v`, + * either a read (when `k` is `SsaRead()`) or an SSA definition (when `k` + * is `SsaDef()`). + * + * Unlike `Liveness::ref`, this includes `phi` nodes. + */ + predicate ssaRef(BasicBlock bb, int i, SourceVariable v, SsaRefKind k) { + variableRead(bb, i, v, _) and + k = SsaRead() + or + exists(Definition def | def.definesAt(v, bb, i)) and + k = SsaDef() + } + + private newtype OrderedSsaRefIndex = + MkOrderedSsaRefIndex(int i, SsaRefKind k) { ssaRef(_, i, _, k) } + + private OrderedSsaRefIndex ssaRefOrd(BasicBlock bb, int i, SourceVariable v, SsaRefKind k, int ord) { + ssaRef(bb, i, v, k) and + result = MkOrderedSsaRefIndex(i, k) and + ord = k.getOrder() + } + + /** + * Gets the (1-based) rank of the reference to `v` at the `i`th node of basic + * block `bb`, which has the given reference kind `k`. + * + * For example, if `bb` is a basic block with a phi node for `v` (considered + * to be at index -1), reads `v` at node 2, and defines it at node 5, we have: + * + * ```ql + * ssaRefRank(bb, -1, v, SsaDef()) = 1 // phi node + * ssaRefRank(bb, 2, v, Read()) = 2 // read at node 2 + * ssaRefRank(bb, 5, v, SsaDef()) = 3 // definition at node 5 + * ``` + * + * Reads are considered before writes when they happen at the same index. + */ + int ssaRefRank(BasicBlock bb, int i, SourceVariable v, SsaRefKind k) { + ssaRefOrd(bb, i, v, k, _) = + rank[result](int j, int ord, OrderedSsaRefIndex res | + res = ssaRefOrd(bb, j, v, _, ord) + | + res order by j, ord + ) + } + + int maxSsaRefRank(BasicBlock bb, SourceVariable v) { + result = ssaRefRank(bb, _, v, _) and + not result + 1 = ssaRefRank(bb, _, v, _) + } + + /** + * Holds if the SSA definition `def` reaches rank index `rnk` in its own + * basic block `bb`. + */ + predicate ssaDefReachesRank(BasicBlock bb, Definition def, int rnk, SourceVariable v) { + exists(int i | + rnk = ssaRefRank(bb, i, v, SsaDef()) and + def.definesAt(v, bb, i) + ) + or + ssaDefReachesRank(bb, def, rnk - 1, v) and + rnk = ssaRefRank(bb, _, v, SsaRead()) + } + + /** + * Holds if the SSA definition of `v` at `def` reaches index `i` in the same + * basic block `bb`, without crossing another SSA definition of `v`. + */ + predicate ssaDefReachesReadWithinBlock(SourceVariable v, Definition def, BasicBlock bb, int i) { + exists(int rnk | + ssaDefReachesRank(bb, def, rnk, v) and + rnk = ssaRefRank(bb, i, v, SsaRead()) + ) + } + + /** + * Holds if the SSA definition of `v` at `def` reaches uncertain SSA definition + * `redef` in the same basic block, without crossing another SSA definition of `v`. + */ + predicate ssaDefReachesUncertainDefWithinBlock( + SourceVariable v, Definition def, UncertainWriteDefinition redef + ) { + exists(BasicBlock bb, int rnk, int i | + ssaDefReachesRank(bb, def, rnk, v) and + rnk = ssaRefRank(bb, i, v, SsaDef()) - 1 and + redef.definesAt(v, bb, i) + ) + } + + /** + * Same as `ssaRefRank()`, but restricted to a particular SSA definition `def`. + */ + int ssaDefRank(Definition def, SourceVariable v, BasicBlock bb, int i, SsaRefKind k) { + v = def.getSourceVariable() and + result = ssaRefRank(bb, i, v, k) and + ( + ssaDefReachesRead(_, def, bb, i) + or + def.definesAt(_, bb, i) + ) + } + + /** + * Holds if the reference to `def` at index `i` in basic block `bb` is the + * last reference to `v` inside `bb`. + */ + pragma[noinline] + predicate lastSsaRef(Definition def, SourceVariable v, BasicBlock bb, int i) { + ssaDefRank(def, v, bb, i, _) = maxSsaRefRank(bb, v) + } + + predicate defOccursInBlock(Definition def, BasicBlock bb, SourceVariable v) { + exists(ssaDefRank(def, v, bb, _, _)) + } + + pragma[noinline] + private predicate ssaDefReachesThroughBlock(Definition def, BasicBlock bb) { + ssaDefReachesEndOfBlock(bb, def, _) and + not defOccursInBlock(_, bb, def.getSourceVariable()) + } + + /** + * Holds if `def` is accessed in basic block `bb1` (either a read or a write), + * `bb2` is a transitive successor of `bb1`, `def` is live at the end of `bb1`, + * and the underlying variable for `def` is neither read nor written in any block + * on the path between `bb1` and `bb2`. + */ + predicate varBlockReaches(Definition def, BasicBlock bb1, BasicBlock bb2) { + defOccursInBlock(def, bb1, _) and + bb2 = getABasicBlockSuccessor(bb1) + or + exists(BasicBlock mid | + varBlockReaches(def, bb1, mid) and + ssaDefReachesThroughBlock(def, mid) and + bb2 = getABasicBlockSuccessor(mid) + ) + } + + /** + * Holds if `def` is accessed in basic block `bb1` (either a read or a write), + * `def` is read at index `i2` in basic block `bb2`, `bb2` is in a transitive + * successor block of `bb1`, and `def` is neither read nor written in any block + * on a path between `bb1` and `bb2`. + */ + predicate defAdjacentRead(Definition def, BasicBlock bb1, BasicBlock bb2, int i2) { + varBlockReaches(def, bb1, bb2) and + ssaRefRank(bb2, i2, def.getSourceVariable(), SsaRead()) = 1 + } +} + +private import SsaDefReaches + +pragma[nomagic] +predicate liveThrough(BasicBlock bb, SourceVariable v) { + liveAtExit(bb, v) and + not ssaRef(bb, _, v, SsaDef()) +} + +/** + * NB: If this predicate is exposed, it should be cached. + * + * Holds if the SSA definition of `v` at `def` reaches the end of basic + * block `bb`, at which point it is still live, without crossing another + * SSA definition of `v`. + */ +pragma[nomagic] +predicate ssaDefReachesEndOfBlock(BasicBlock bb, Definition def, SourceVariable v) { + exists(int last | last = maxSsaRefRank(bb, v) | + ssaDefReachesRank(bb, def, last, v) and + liveAtExit(bb, v) + ) + or + // The construction of SSA form ensures that each read of a variable is + // dominated by its definition. An SSA definition therefore reaches a + // control flow node if it is the _closest_ SSA definition that dominates + // the node. If two definitions dominate a node then one must dominate the + // other, so therefore the definition of _closest_ is given by the dominator + // tree. Thus, reaching definitions can be calculated in terms of dominance. + ssaDefReachesEndOfBlock(getImmediateBasicBlockDominator(bb), def, pragma[only_bind_into](v)) and + liveThrough(bb, pragma[only_bind_into](v)) +} + +/** + * NB: If this predicate is exposed, it should be cached. + * + * Holds if `inp` is an input to the phi node `phi` along the edge originating in `bb`. + */ +pragma[nomagic] +predicate phiHasInputFromBlock(PhiNode phi, Definition inp, BasicBlock bb) { + exists(SourceVariable v, BasicBlock bbDef | + phi.definesAt(v, bbDef, _) and + getABasicBlockPredecessor(bbDef) = bb and + ssaDefReachesEndOfBlock(bb, inp, v) + ) +} + +/** + * NB: If this predicate is exposed, it should be cached. + * + * Holds if the SSA definition of `v` at `def` reaches a read at index `i` in + * basic block `bb`, without crossing another SSA definition of `v`. The read + * is of kind `rk`. + */ +pragma[nomagic] +predicate ssaDefReachesRead(SourceVariable v, Definition def, BasicBlock bb, int i) { + ssaDefReachesReadWithinBlock(v, def, bb, i) + or + variableRead(bb, i, v, _) and + ssaDefReachesEndOfBlock(getABasicBlockPredecessor(bb), def, v) and + not ssaDefReachesReadWithinBlock(v, _, bb, i) +} + +/** + * NB: If this predicate is exposed, it should be cached. + * + * Holds if `def` is accessed at index `i1` in basic block `bb1` (either a read + * or a write), `def` is read at index `i2` in basic block `bb2`, and there is a + * path between them without any read of `def`. + */ +pragma[nomagic] +predicate adjacentDefRead(Definition def, BasicBlock bb1, int i1, BasicBlock bb2, int i2) { + exists(int rnk | + rnk = ssaDefRank(def, _, bb1, i1, _) and + rnk + 1 = ssaDefRank(def, _, bb1, i2, SsaRead()) and + variableRead(bb1, i2, _, _) and + bb2 = bb1 + ) + or + lastSsaRef(def, _, bb1, i1) and + defAdjacentRead(def, bb1, bb2, i2) +} + +pragma[noinline] +private predicate adjacentDefRead( + Definition def, BasicBlock bb1, int i1, BasicBlock bb2, int i2, SourceVariable v +) { + adjacentDefRead(def, bb1, i1, bb2, i2) and + v = def.getSourceVariable() +} + +private predicate adjacentDefReachesRead( + Definition def, BasicBlock bb1, int i1, BasicBlock bb2, int i2 +) { + exists(SourceVariable v | adjacentDefRead(def, bb1, i1, bb2, i2, v) | + ssaRef(bb1, i1, v, SsaDef()) + or + variableRead(bb1, i1, v, true) + ) + or + exists(BasicBlock bb3, int i3 | + adjacentDefReachesRead(def, bb1, i1, bb3, i3) and + variableRead(bb3, i3, _, false) and + adjacentDefRead(def, bb3, i3, bb2, i2) + ) +} + +/** + * NB: If this predicate is exposed, it should be cached. + * + * Same as `adjacentDefRead`, but ignores uncertain reads. + */ +pragma[nomagic] +predicate adjacentDefNoUncertainReads(Definition def, BasicBlock bb1, int i1, BasicBlock bb2, int i2) { + adjacentDefReachesRead(def, bb1, i1, bb2, i2) and + variableRead(bb2, i2, _, true) +} + +/** + * NB: If this predicate is exposed, it should be cached. + * + * Holds if the node at index `i` in `bb` is a last reference to SSA definition + * `def`. The reference is last because it can reach another write `next`, + * without passing through another read or write. + */ +pragma[nomagic] +predicate lastRefRedef(Definition def, BasicBlock bb, int i, Definition next) { + exists(SourceVariable v | + // Next reference to `v` inside `bb` is a write + exists(int rnk, int j | + rnk = ssaDefRank(def, v, bb, i, _) and + next.definesAt(v, bb, j) and + rnk + 1 = ssaRefRank(bb, j, v, SsaDef()) + ) + or + // Can reach a write using one or more steps + lastSsaRef(def, v, bb, i) and + exists(BasicBlock bb2 | + varBlockReaches(def, bb, bb2) and + 1 = ssaDefRank(next, v, bb2, _, SsaDef()) + ) + ) +} + +/** + * NB: If this predicate is exposed, it should be cached. + * + * Holds if `inp` is an immediately preceding definition of uncertain definition + * `def`. Since `def` is uncertain, the value from the preceding definition might + * still be valid. + */ +pragma[nomagic] +predicate uncertainWriteDefinitionInput(UncertainWriteDefinition def, Definition inp) { + lastRefRedef(inp, _, _, def) +} + +private predicate adjacentDefReachesUncertainRead( + Definition def, BasicBlock bb1, int i1, BasicBlock bb2, int i2 +) { + adjacentDefReachesRead(def, bb1, i1, bb2, i2) and + variableRead(bb2, i2, _, false) +} + +/** + * NB: If this predicate is exposed, it should be cached. + * + * Same as `lastRefRedef`, but ignores uncertain reads. + */ +pragma[nomagic] +predicate lastRefRedefNoUncertainReads(Definition def, BasicBlock bb, int i, Definition next) { + lastRefRedef(def, bb, i, next) and + not variableRead(bb, i, def.getSourceVariable(), false) + or + exists(BasicBlock bb0, int i0 | + lastRefRedef(def, bb0, i0, next) and + adjacentDefReachesUncertainRead(def, bb, i, bb0, i0) + ) +} + +/** + * NB: If this predicate is exposed, it should be cached. + * + * Holds if the node at index `i` in `bb` is a last reference to SSA + * definition `def`. + * + * That is, the node can reach the end of the enclosing callable, or another + * SSA definition for the underlying source variable, without passing through + * another read. + */ +pragma[nomagic] +predicate lastRef(Definition def, BasicBlock bb, int i) { + lastRefRedef(def, bb, i, _) + or + lastSsaRef(def, _, bb, i) and + ( + // Can reach exit directly + bb instanceof ExitBasicBlock + or + // Can reach a block using one or more steps, where `def` is no longer live + exists(BasicBlock bb2 | varBlockReaches(def, bb, bb2) | + not defOccursInBlock(def, bb2, _) and + not ssaDefReachesEndOfBlock(bb2, def, _) + ) + ) +} + +/** + * NB: If this predicate is exposed, it should be cached. + * + * Same as `lastRefRedef`, but ignores uncertain reads. + */ +pragma[nomagic] +predicate lastRefNoUncertainReads(Definition def, BasicBlock bb, int i) { + lastRef(def, bb, i) and + not variableRead(bb, i, def.getSourceVariable(), false) + or + exists(BasicBlock bb0, int i0 | + lastRef(def, bb0, i0) and + adjacentDefReachesUncertainRead(def, bb, i, bb0, i0) + ) +} + +/** A static single assignment (SSA) definition. */ +class Definition extends TDefinition { + /** Gets the source variable underlying this SSA definition. */ + SourceVariable getSourceVariable() { this.definesAt(result, _, _) } + + /** + * Holds if this SSA definition defines `v` at index `i` in basic block `bb`. + * Phi nodes are considered to be at index `-1`, while normal variable writes + * are at the index of the control flow node they wrap. + */ + final predicate definesAt(SourceVariable v, BasicBlock bb, int i) { + this = TWriteDef(v, bb, i) + or + this = TPhiNode(v, bb) and i = -1 + } + + /** Gets the basic block to which this SSA definition belongs. */ + final BasicBlock getBasicBlock() { this.definesAt(_, result, _) } + + /** Gets a textual representation of this SSA definition. */ + string toString() { none() } +} + +/** An SSA definition that corresponds to a write. */ +class WriteDefinition extends Definition, TWriteDef { + private SourceVariable v; + private BasicBlock bb; + private int i; + + WriteDefinition() { this = TWriteDef(v, bb, i) } + + override string toString() { result = "WriteDef" } +} + +/** A phi node. */ +class PhiNode extends Definition, TPhiNode { + override string toString() { result = "Phi" } +} + +/** + * An SSA definition that represents an uncertain update of the underlying + * source variable. + */ +class UncertainWriteDefinition extends WriteDefinition { + UncertainWriteDefinition() { + exists(SourceVariable v, BasicBlock bb, int i | + this.definesAt(v, bb, i) and + variableWrite(bb, i, v, false) + ) + } +} diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplSpecific.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplSpecific.qll new file mode 100644 index 00000000000..196d32205ad --- /dev/null +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplSpecific.qll @@ -0,0 +1,64 @@ +private import semmle.code.cpp.ir.IR +private import DataFlowUtil +private import DataFlowPrivate +private import DataFlowImplCommon as DataFlowImplCommon +private import Ssa as Ssa + +class BasicBlock = IRBlock; + +BasicBlock getImmediateBasicBlockDominator(BasicBlock bb) { result.immediatelyDominates(bb) } + +BasicBlock getABasicBlockSuccessor(BasicBlock bb) { result = bb.getASuccessor() } + +class ExitBasicBlock extends IRBlock { + ExitBasicBlock() { this.getLastInstruction() instanceof ExitFunctionInstruction } +} + +private newtype TSourceVariable = + TSourceIRVariable(IRVariable var) or + TSourceIRVariableIndirection(InitializeIndirectionInstruction init) + +abstract class SourceVariable extends TSourceVariable { + IRVariable var; + + IRVariable getVariable() { result = var } + + abstract string toString(); + + predicate isIndirection() { none() } +} + +class SourceIRVariable extends SourceVariable, TSourceIRVariable { + SourceIRVariable() { this = TSourceIRVariable(var) } + + override string toString() { result = this.getVariable().toString() } +} + +class SourceIRVariableIndirection extends SourceVariable, TSourceIRVariableIndirection { + InitializeIndirectionInstruction init; + + SourceIRVariableIndirection() { + this = TSourceIRVariableIndirection(init) and var = init.getIRVariable() + } + + override string toString() { result = "*" + this.getVariable().toString() } + + override predicate isIndirection() { any() } +} + +predicate variableWrite(BasicBlock bb, int i, SourceVariable v, boolean certain) { + DataFlowImplCommon::forceCachingInSameStage() and + exists(Ssa::Def def | + def.hasRankInBlock(bb, i) and + v = def.getVariable() and + (if def.isCertain() then certain = true else certain = false) + ) +} + +predicate variableRead(BasicBlock bb, int i, SourceVariable v, boolean certain) { + exists(Ssa::Use use | + use.hasRankInBlock(bb, i) and + v = use.getVariable() and + certain = true + ) +} From 5ebefe2d3000a8a1ea1b809107b003e889f82355 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 20 Oct 2021 15:14:03 +0100 Subject: [PATCH 04/70] C++: Throw away the old way of doing store steps using memory edges. Instead, we introduce a StoreNode IPA branch that does store steps and instead use the shared SSA library to transfer flow into these nodes before a store step, and out of them following a sequence of store steps. --- .../ir/dataflow/internal/DataFlowPrivate.qll | 103 +--------- .../cpp/ir/dataflow/internal/DataFlowUtil.qll | 183 +++++++++++++++--- .../code/cpp/ir/dataflow/internal/Ssa.qll | 111 +++++++++++ 3 files changed, 268 insertions(+), 129 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index 73bf72a3643..4d4271941b4 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -184,108 +184,17 @@ OutNode getAnOutNode(DataFlowCall call, ReturnKind kind) { */ predicate jumpStep(Node n1, Node n2) { none() } -private predicate fieldStoreStepNoChi(Node node1, FieldContent f, PostUpdateNode node2) { - exists(StoreInstruction store, Class c | - store = node2.asInstruction() and - store.getSourceValueOperand() = node1.asOperand() and - getWrittenField(store, f.(FieldContent).getAField(), c) and - f.hasOffset(c, _, _) - ) -} - -private FieldAddressInstruction getFieldInstruction(Instruction instr) { - result = instr or - result = instr.(CopyValueInstruction).getUnary() -} - -pragma[noinline] -private predicate getWrittenField(Instruction instr, Field f, Class c) { - exists(FieldAddressInstruction fa | - fa = - getFieldInstruction([ - instr.(StoreInstruction).getDestinationAddress(), - instr.(WriteSideEffectInstruction).getDestinationAddress() - ]) and - f = fa.getField() and - c = f.getDeclaringType() - ) -} - -private predicate fieldStoreStepChi(Node node1, FieldContent f, PostUpdateNode node2) { - exists(ChiPartialOperand operand, ChiInstruction chi | - chi.getPartialOperand() = operand and - node1.asOperand() = operand and - node2.asInstruction() = chi and - exists(Class c | - c = chi.getResultType() and - exists(int startBit, int endBit | - chi.getUpdatedInterval(startBit, endBit) and - f.hasOffset(c, startBit, endBit) - ) - or - getWrittenField(operand.getDef(), f.getAField(), c) and - f.hasOffset(c, _, _) - ) - ) -} - -private predicate arrayStoreStepChi(Node node1, ArrayContent a, PostUpdateNode node2) { - exists(a) and - exists(ChiPartialOperand operand, ChiInstruction chi, StoreInstruction store | - chi.getPartialOperand() = operand and - store = operand.getDef() and - node1.asOperand() = operand and - // This `ChiInstruction` will always have a non-conflated result because both `ArrayStoreNode` - // and `PointerStoreNode` require it in their characteristic predicates. - node2.asInstruction() = chi and - ( - // `x[i] = taint()` - // This matches the characteristic predicate in `ArrayStoreNode`. - store.getDestinationAddress() instanceof PointerAddInstruction - or - // `*p = taint()` - // This matches the characteristic predicate in `PointerStoreNode`. - store.getDestinationAddress().(CopyValueInstruction).getUnary() instanceof LoadInstruction - ) - ) -} - /** * Holds if data can flow from `node1` to `node2` via an assignment to `f`. * Thus, `node2` references an object with a field `f` that contains the * value of `node1`. */ -predicate storeStep(Node node1, Content f, PostUpdateNode node2) { - fieldStoreStepNoChi(node1, f, node2) or - fieldStoreStepChi(node1, f, node2) or - arrayStoreStepChi(node1, f, node2) or - fieldStoreStepAfterArraySuppression(node1, f, node2) -} - -// This predicate pushes the correct `FieldContent` onto the access path when the -// `suppressArrayRead` predicate has popped off an `ArrayContent`. -private predicate fieldStoreStepAfterArraySuppression( - Node node1, FieldContent f, PostUpdateNode node2 -) { - exists(WriteSideEffectInstruction write, ChiInstruction chi, Class c | - not chi.isResultConflated() and - node1.asInstruction() = chi and - node2.asInstruction() = chi and - chi.getPartial() = write and - getWrittenField(write, f.getAField(), c) and - f.hasOffset(c, _, _) - ) -} - -bindingset[result, i] -private int unbindInt(int i) { i <= result and i >= result } - -pragma[noinline] -private predicate getLoadedField(LoadInstruction load, Field f, Class c) { - exists(FieldAddressInstruction fa | - fa = load.getSourceAddress() and - f = fa.getField() and - c = f.getDeclaringType() +predicate storeStep(StoreNode node1, FieldContent f, StoreNode node2) { + exists(FieldAddressInstruction fai | + not fai.getObjectAddress().getResultType().stripType() instanceof Union and + node1.getInstruction() = fai and + node2.getInstruction() = fai.getObjectAddress() and + f.getField() = fai.getField() ) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 9e7a95e010d..449e680b850 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -10,6 +10,8 @@ private import semmle.code.cpp.ir.ValueNumbering private import semmle.code.cpp.ir.IR private import semmle.code.cpp.controlflow.IRGuards private import semmle.code.cpp.models.interfaces.DataFlow +private import DataFlowPrivate +private import Ssa as Ssa cached private module Cached { @@ -17,12 +19,28 @@ private module Cached { newtype TIRDataFlowNode = TInstructionNode(Instruction i) or TOperandNode(Operand op) or - TVariableNode(Variable var) + TVariableNode(Variable var) or + TStoreNodeInstr(Instruction i) { Ssa::explicitWrite(_, _, i) } or + TStoreNodeOperand(ArgumentOperand op) { Ssa::explicitWrite(_, _, op.getDef()) } cached predicate localFlowStepCached(Node nodeFrom, Node nodeTo) { simpleLocalFlowStep(nodeFrom, nodeTo) } + + private predicate needsPostReadNode(Instruction iFrom) { + // If the instruction generates an address that flows to a load. + Ssa::addressFlowTC(iFrom, Ssa::getSourceAddress(_)) and + ( + // And it is either a field address + iFrom instanceof FieldAddressInstruction + or + // Or it is instruction that either uses or is used for an address that needs a post read node. + exists(Instruction mid | needsPostReadNode(mid) | + Ssa::addressFlow(mid, iFrom) or Ssa::addressFlow(iFrom, mid) + ) + ) + } } private import Cached @@ -180,6 +198,99 @@ class OperandNode extends Node, TOperandNode { override string toString() { result = this.getOperand().toString() } } +/** + * INTERNAL: do not use. + * + * A `StoreNode` is a node that has been (or is about to be) the + * source or target of a `storeStep`. + */ +abstract class StoreNode extends Node { + /** Gets the underlying instruction, if any. */ + Instruction getInstruction() { none() } + + /** Gets the underlying operand, if any. */ + Operand getOperand() { none() } + + /** Holds if this node should receive flow from `addr`. */ + abstract predicate flowInto(Instruction addr); + + override Declaration getEnclosingCallable() { result = this.getFunction() } + + /** Holds if this `StoreNode` is the root of the address computation used by a store operation. */ + predicate isTerminal() { + not exists(this.getAPredecessor()) and + not storeStep(this, _, _) + } + + /** Gets the store operation that uses the address computed by this `StoreNode`. */ + abstract Instruction getStoreInstruction(); + + /** Holds if the store operation associated with this `StoreNode` overwrites the entire variable. */ + final predicate isCertain() { Ssa::explicitWrite(true, this.getStoreInstruction(), _) } + + /** + * Gets the `StoreNode` that computes the address used by this `StoreNode`. + * The boolean `readEffect` is `true` if the predecessor is accessed through the + * address of a `ReadSideEffectInstruction`. + */ + abstract StoreNode getAPredecessor(); + + /** The inverse of `StoreNode.getAPredecessor`. */ + final StoreNode getASuccessor() { result.getAPredecessor() = this } +} + +private class StoreNodeInstr extends StoreNode, TStoreNodeInstr { + Instruction instr; + + StoreNodeInstr() { this = TStoreNodeInstr(instr) } + + override predicate flowInto(Instruction addr) { this.getInstruction() = addr } + + override Instruction getInstruction() { result = instr } + + override Function getFunction() { result = this.getInstruction().getEnclosingFunction() } + + override IRType getType() { result = this.getInstruction().getResultIRType() } + + override Location getLocation() { result = this.getInstruction().getLocation() } + + override string toString() { + result = instructionNode(this.getInstruction()).toString() + " [store]" + } + + override Instruction getStoreInstruction() { + Ssa::explicitWrite(_, result, this.getInstruction()) + } + + override StoreNode getAPredecessor() { + Ssa::addressFlow(result.getInstruction(), this.getInstruction()) + } +} + +private class StoreNodeOperand extends StoreNode, TStoreNodeOperand { + ArgumentOperand operand; + + StoreNodeOperand() { this = TStoreNodeOperand(operand) } + + override predicate flowInto(Instruction addr) { this.getOperand().getDef() = addr } + + override Operand getOperand() { result = operand } + + override Function getFunction() { result = operand.getDef().getEnclosingFunction() } + + override IRType getType() { result = operand.getIRType() } + + override Location getLocation() { result = operand.getLocation() } + + override string toString() { result = operandNode(this.getOperand()).toString() + " [store]" } + + override WriteSideEffectInstruction getStoreInstruction() { + Ssa::explicitWrite(_, result, operand.getDef()) + } + + override StoreNode getAPredecessor() { operand.getDef() = result.getInstruction() } +} + /** * An expression, viewed as a node in a data flow graph. */ @@ -313,15 +424,14 @@ deprecated class UninitializedNode extends Node { * Nodes corresponding to AST elements, for example `ExprNode`, usually refer * to the value before the update with the exception of `ClassInstanceExpr`, * which represents the value after the constructor has run. - * - * This class exists to match the interface used by Java. There are currently no non-abstract - * classes that extend it. When we implement field flow, we can revisit this. */ -abstract class PostUpdateNode extends InstructionNode { +abstract class PostUpdateNode extends Node { /** * Gets the node before the state update. */ abstract Node getPreUpdateNode(); + + override string toString() { result = this.getPreUpdateNode() + " [post update]" } } /** @@ -614,6 +724,13 @@ predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) { or // Instruction -> Operand flow simpleOperandLocalFlowStep(nodeFrom.asInstruction(), nodeTo.asOperand()) + or + // Flow into, through, and out of store nodes + StoreNodeFlow::flowInto(nodeFrom, nodeTo) + or + StoreNodeFlow::flowThrough(nodeFrom, nodeTo) + or + StoreNodeFlow::flowOutOf(nodeFrom, nodeTo) } pragma[noinline] @@ -631,6 +748,28 @@ private predicate isSingleFieldClass(Type type, Operand op) { c.getSize() = size and getFieldSizeOfClass(c, type, size) ) +private module StoreNodeFlow { + /** Holds if the store node `nodeTo` should receive flow from `nodeFrom`. */ + predicate flowInto(Node nodeFrom, StoreNode nodeTo) { + nodeTo.flowInto(Ssa::getDestinationAddress(nodeFrom.asInstruction())) + } + + /** Holds if the store node `nodeTo` should receive flow from `nodeFom`. */ + predicate flowThrough(StoreNode nFrom, StoreNode nodeTo) { + // Flow through a post update node that doesn't need a store step. + not storeStep(nFrom, _, _) and + nodeTo.getASuccessor() = nFrom + } + + /** + * Holds if flow should leave the store node `nodeFrom` and enter the node `nodeTo`. + * This happens because we have traversed an entire chain of field dereferences + * after a store operation. + */ + predicate flowOutOf(StoreNode nFrom, Node nodeTo) { + nFrom.isTerminal() and + Ssa::ssaFlow(nFrom, nodeTo) + } } private predicate simpleOperandLocalFlowStep(Instruction iFrom, Operand opTo) { @@ -788,25 +927,10 @@ predicate localInstructionFlow(Instruction e1, Instruction e2) { */ predicate localExprFlow(Expr e1, Expr e2) { localFlow(exprNode(e1), exprNode(e2)) } -/** - * Gets a field corresponding to the bit range `[startBit..endBit)` of class `c`, if any. - */ -private Field getAField(Class c, int startBit, int endBit) { - result.getDeclaringType() = c and - startBit = 8 * result.getByteOffset() and - endBit = 8 * result.getType().getSize() + startBit - or - exists(Field f, Class cInner | - f = c.getAField() and - cInner = f.getUnderlyingType() and - result = getAField(cInner, startBit - 8 * f.getByteOffset(), endBit - 8 * f.getByteOffset()) - ) -} - private newtype TContent = - TFieldContent(Class c, int startBit, int endBit) { exists(getAField(c, startBit, endBit)) } or - TCollectionContent() or - TArrayContent() + TFieldContent(Field f) or + TCollectionContent() or // Not used in C/C++ + TArrayContent() // Not used in C/C++. /** * A description of the way data may be stored inside an object. Examples @@ -824,18 +948,13 @@ class Content extends TContent { /** A reference through an instance field. */ class FieldContent extends Content, TFieldContent { - Class c; - int startBit; - int endBit; + Field f; - FieldContent() { this = TFieldContent(c, startBit, endBit) } + FieldContent() { this = TFieldContent(f) } - // Ensure that there's just 1 result for `toString`. - override string toString() { result = min(Field f | f = getAField() | f.toString()) } + override string toString() { result = f.toString() } - predicate hasOffset(Class cl, int start, int end) { cl = c and start = startBit and end = endBit } - - Field getAField() { result = getAField(c, startBit, endBit) } + Field getField() { result = f } } /** A reference through an array. */ diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll index 57ba19f71f0..b4cfa89c22f 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll @@ -301,3 +301,114 @@ predicate explicitWrite(boolean certain, Instruction instr, Instruction address) addressFlowTC(address, instr.(WriteSideEffectInstruction).getDestinationAddress()) and certain = false } + +cached +private module Cached { + private predicate defUseFlow(Node nodeFrom, Node nodeTo) { + exists(IRBlock bb1, int i1, IRBlock bb2, int i2, DefOrUse defOrUse, Use use | + defOrUse.hasRankInBlock(bb1, i1) and + use.hasRankInBlock(bb2, i2) and + adjacentDefRead(_, bb1, i1, bb2, i2) and + nodeFrom.asInstruction() = toInstruction(defOrUse) and + flowOutOfAddressStep(use.getOperand(), nodeTo) + ) + } + + private predicate fromStoreNode(StoreNode nodeFrom, Node nodeTo) { + // Def-use flow from a `StoreNode`. + exists(IRBlock bb1, int i1, IRBlock bb2, int i2, Def def, Use use | + nodeFrom.isTerminal() and + def.getInstruction() = nodeFrom.getStoreInstruction() and + def.hasRankInBlock(bb1, i1) and + adjacentDefRead(_, bb1, i1, bb2, i2) and + use.hasRankInBlock(bb2, i2) and + flowOutOfAddressStep(use.getOperand(), nodeTo) + ) + } + + /** + * Holds if `nodeFrom` is a read or write, and `nTo` is the next subsequent read of the variable + * written (or read) by `storeOrRead`. + */ + cached + predicate ssaFlow(Node nodeFrom, Node nodeTo) { + // Def-use/use-use flow from an `InstructionNode` to an `OperandNode`. + defUseFlow(nodeFrom, nodeTo) + or + // Def-use flow from a `StoreNode` to an `OperandNode`. + fromStoreNode(nodeFrom, nodeTo) + } + + private predicate flowOutOfAddressStep(Operand operand, Node nTo) { + exists(StoreNode storeNode, Instruction def | + storeNode = nTo and + def = operand.getDef() + | + storeNode.isTerminal() and + not addressFlow(def, _) and + // Only transfer flow to a store node if it doesn't immediately overwrite the address + // we've just written to. + explicitWrite(false, storeNode.getStoreInstruction(), def) + ) + or + operand = getSourceAddressOperand(nTo.asInstruction()) + or + exists(ReturnIndirectionInstruction ret | + ret.getSourceAddressOperand() = operand and + ret = nTo.asInstruction() + ) + or + exists(ReturnValueInstruction ret | + ret.getReturnAddressOperand() = operand and + nTo.asInstruction() = ret + ) + or + exists(CallInstruction call, int index, ReadSideEffectInstruction read | + call.getArgumentOperand(index) = operand and + read = getSideEffectFor(call, index) and + nTo.asOperand() = read.getSideEffectOperand() + ) + or + exists(CopyInstruction copy | + not exists(getSourceAddressOperand(copy)) and + copy.getSourceValueOperand() = operand and + flowOutOfAddressStep(copy.getAUse(), nTo) + ) + or + exists(ConvertInstruction convert | + convert.getUnaryOperand() = operand and + flowOutOfAddressStep(convert.getAUse(), nTo) + ) + or + exists(CheckedConvertOrNullInstruction convert | + convert.getUnaryOperand() = operand and + flowOutOfAddressStep(convert.getAUse(), nTo) + ) + or + exists(InheritanceConversionInstruction convert | + convert.getUnaryOperand() = operand and + flowOutOfAddressStep(convert.getAUse(), nTo) + ) + or + exists(PointerArithmeticInstruction arith | + arith.getLeftOperand() = operand and + flowOutOfAddressStep(arith.getAUse(), nTo) + ) + or + // Flow through a modelled function that has parameter -> return value flow. + exists( + CallInstruction call, DataFlow::DataFlowFunction func, int index, + DataFlow::FunctionInput input, DataFlow::FunctionOutput output + | + call.getStaticCallTarget() = func and + call.getArgumentOperand(index) = operand and + not getSideEffectFor(call, index) instanceof ReadSideEffectInstruction and + func.hasDataFlow(input, output) and + input.isParameter(index) and + output.isReturnValue() and + flowOutOfAddressStep(call.getAUse(), nTo) + ) + } +} + +import Cached From 8bef79502fda8a83544509a4b0ca0e6ac3e9cc15 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 20 Oct 2021 15:18:08 +0100 Subject: [PATCH 05/70] C++: Similarly to the previous commit, we throw away the old memory-edges based way of doing read steps. Instead, we use the shared SSA library to transfer flow into a new ReadNode IPA branch, perform the necessary read steps, and then use the shared SSA library to transfer flow out of the ReadNode again. --- .../ir/dataflow/internal/DataFlowPrivate.qll | 119 +--------------- .../cpp/ir/dataflow/internal/DataFlowUtil.qll | 130 +++++++++++++++++- .../code/cpp/ir/dataflow/internal/Ssa.qll | 19 +++ 3 files changed, 148 insertions(+), 120 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index 4d4271941b4..9de1da31772 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -203,122 +203,15 @@ predicate storeStep(StoreNode node1, FieldContent f, StoreNode node2) { * Thus, `node1` references an object with a field `f` whose value ends up in * `node2`. */ -private predicate fieldReadStep(Node node1, FieldContent f, Node node2) { - exists(LoadOperand operand | - node2.asOperand() = operand and - node1.asInstruction() = operand.getAnyDef() and - exists(Class c | - c = operand.getAnyDef().getResultType() and - exists(int startBit, int endBit | - operand.getUsedInterval(unbindInt(startBit), unbindInt(endBit)) and - f.hasOffset(c, startBit, endBit) - ) - or - getLoadedField(operand.getUse(), f.getAField(), c) and - f.hasOffset(c, _, _) - ) +predicate readStep(ReadNode node1, FieldContent f, ReadNode node2) { + exists(FieldAddressInstruction fai | + not fai.getObjectAddress().getResultType().stripType() instanceof Union and + node1.getInstruction() = fai.getObjectAddress() and + node2.getInstruction() = fai and + f.getField() = fai.getField() ) } -/** - * When a store step happens in a function that looks like an array write such as: - * ```cpp - * void f(int* pa) { - * pa = source(); - * } - * ``` - * it can be a write to an array, but it can also happen that `f` is called as `f(&a.x)`. If that is - * the case, the `ArrayContent` that was written by the call to `f` should be popped off the access - * path, and a `FieldContent` containing `x` should be pushed instead. - * So this case pops `ArrayContent` off the access path, and the `fieldStoreStepAfterArraySuppression` - * predicate in `storeStep` ensures that we push the right `FieldContent` onto the access path. - */ -predicate suppressArrayRead(Node node1, ArrayContent a, Node node2) { - exists(a) and - exists(WriteSideEffectInstruction write, ChiInstruction chi | - node1.asInstruction() = write and - node2.asInstruction() = chi and - chi.getPartial() = write and - getWrittenField(write, _, _) - ) -} - -private class ArrayToPointerConvertInstruction extends ConvertInstruction { - ArrayToPointerConvertInstruction() { - this.getUnary().getResultType() instanceof ArrayType and - this.getResultType() instanceof PointerType - } -} - -private Instruction skipOneCopyValueInstructionRec(CopyValueInstruction copy) { - copy.getUnary() = result and not result instanceof CopyValueInstruction - or - result = skipOneCopyValueInstructionRec(copy.getUnary()) -} - -private Instruction skipCopyValueInstructions(Operand op) { - not result instanceof CopyValueInstruction and result = op.getDef() - or - result = skipOneCopyValueInstructionRec(op.getDef()) -} - -private predicate arrayReadStep(Node node1, ArrayContent a, Node node2) { - exists(a) and - // Explicit dereferences such as `*p` or `p[i]` where `p` is a pointer or array. - exists(LoadOperand operand, Instruction address | - operand.isDefinitionInexact() and - node1.asInstruction() = operand.getAnyDef() and - operand = node2.asOperand() and - address = skipCopyValueInstructions(operand.getAddressOperand()) and - ( - address instanceof LoadInstruction or - address instanceof ArrayToPointerConvertInstruction or - address instanceof PointerOffsetInstruction - ) - ) -} - -/** - * In cases such as: - * ```cpp - * void f(int* pa) { - * *pa = source(); - * } - * ... - * int x; - * f(&x); - * use(x); - * ``` - * the load on `x` in `use(x)` will exactly overlap with its definition (in this case the definition - * is a `WriteSideEffect`). This predicate pops the `ArrayContent` (pushed by the store in `f`) - * from the access path. - */ -private predicate exactReadStep(Node node1, ArrayContent a, Node node2) { - exists(a) and - exists(WriteSideEffectInstruction write, ChiInstruction chi | - not chi.isResultConflated() and - chi.getPartial() = write and - node1.asInstruction() = write and - node2.asInstruction() = chi and - // To distinquish this case from the `arrayReadStep` case we require that the entire variable was - // overwritten by the `WriteSideEffectInstruction` (i.e., there is a load that reads the - // entire variable). - exists(LoadInstruction load | load.getSourceValue() = chi) - ) -} - -/** - * Holds if data can flow from `node1` to `node2` via a read of `f`. - * Thus, `node1` references an object with a field `f` whose value ends up in - * `node2`. - */ -predicate readStep(Node node1, Content f, Node node2) { - fieldReadStep(node1, f, node2) or - arrayReadStep(node1, f, node2) or - exactReadStep(node1, f, node2) or - suppressArrayRead(node1, f, node2) -} - /** * Holds if values stored inside content `c` are cleared at node `n`. */ diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 449e680b850..6291362855c 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -21,7 +21,8 @@ private module Cached { TOperandNode(Operand op) or TVariableNode(Variable var) or TStoreNodeInstr(Instruction i) { Ssa::explicitWrite(_, _, i) } or - TStoreNodeOperand(ArgumentOperand op) { Ssa::explicitWrite(_, _, op.getDef()) } + TStoreNodeOperand(ArgumentOperand op) { Ssa::explicitWrite(_, _, op.getDef()) } or + TReadNode(Instruction i) { needsPostReadNode(i) } cached predicate localFlowStepCached(Node nodeFrom, Node nodeTo) { @@ -291,6 +292,61 @@ private class StoreNodeOperand extends StoreNode, TStoreNodeOperand { override StoreNode getAPredecessor() { operand.getDef() = result.getInstruction() } } +/** + * INTERNAL: do not use. + * + * A `ReadNode` is a node that has been (or is about to be) the + * source or target of a `readStep`. + */ +class ReadNode extends Node, TReadNode { + Instruction i; + + ReadNode() { this = TReadNode(i) } + + /** Gets the underlying instruction. */ + Instruction getInstruction() { result = i } + + override Declaration getEnclosingCallable() { result = this.getFunction() } + + override Function getFunction() { result = this.getInstruction().getEnclosingFunction() } + + override IRType getType() { result = this.getInstruction().getResultIRType() } + + override Location getLocation() { result = this.getInstruction().getLocation() } + + override string toString() { + result = instructionNode(this.getInstruction()).toString() + " [read]" + } + + /** Gets a load instruction that uses the address computed by this read node. */ + final Instruction getALoadInstruction() { + Ssa::addressFlowTC(this.getInstruction(), Ssa::getSourceAddress(result)) + } + + /** + * Gets a read node with an underlying instruction that is used by this + * underlying instruction to compute an address of a load instruction. + */ + final ReadNode getAPredecessor() { + Ssa::addressFlow(result.getInstruction(), this.getInstruction()) + } + + /** The inverse of `ReadNode.getAPredecessor`. */ + final ReadNode getASuccessor() { result.getAPredecessor() = this } + + /** Holds if this read node computes a value that will not be used for any future read nodes. */ + final predicate isTerminal() { + not exists(this.getASuccessor()) and + not readStep(this, _, _) + } + + /** Holds if this read node computes a value that has not yet been used for any read operations. */ + final predicate isInitial() { + not exists(this.getAPredecessor()) and + not readStep(_, _, this) + } +} + /** * An expression, viewed as a node in a data flow graph. */ @@ -731,6 +787,13 @@ predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) { StoreNodeFlow::flowThrough(nodeFrom, nodeTo) or StoreNodeFlow::flowOutOf(nodeFrom, nodeTo) + or + // Flow into, through, and out of read nodes + ReadNodeFlow::flowInto(nodeFrom, nodeTo) + or + ReadNodeFlow::flowThrough(nodeFrom, nodeTo) + or + ReadNodeFlow::flowOutOf(nodeFrom, nodeTo) } pragma[noinline] @@ -742,12 +805,65 @@ private predicate getFieldSizeOfClass(Class c, Type type, int size) { ) } -private predicate isSingleFieldClass(Type type, Operand op) { - exists(int size, Class c | - c = op.getType().getUnderlyingType() and - c.getSize() = size and - getFieldSizeOfClass(c, type, size) - ) +private module ReadNodeFlow { + /** Holds if the read node `nodeTo` should receive flow from `nodeFrom`. */ + predicate flowInto(Node nodeFrom, ReadNode nodeTo) { + nodeTo.isInitial() and + ( + // If we entered through an address operand. + nodeFrom.asOperand().getDef() = nodeTo.getInstruction() + or + // If we entered flow through a memory-producing instruction. + // This can happen if we have flow to an `InitializeParameterIndirection` through + // a `ReadSideEffectInstruction`. + exists(Instruction load, Instruction def | + def = nodeFrom.asInstruction() and + def = Ssa::getSourceValueOperand(load).getAnyDef() and + not def = any(StoreNode store).getStoreInstruction() and + pragma[only_bind_into](nodeTo).getALoadInstruction() = load + ) + ) + } + + /** Holds if the read node `nodeTo` should receive flow from the read node `nodeFrom`. */ + predicate flowThrough(ReadNode nodeFrom, ReadNode nodeTo) { + not readStep(nodeFrom, _, _) and + nodeFrom.getASuccessor() = nodeTo + } + + /** + * Holds if flow should leave the read node `nFrom` and enter the node `nodeTo`. + * This happens either because there is use-use flow from one of the variables used in + * the read operation, or because we have traversed all the field dereferences in the + * read operation. + */ + predicate flowOutOf(ReadNode nFrom, Node nodeTo) { + // Use-use flow to another use of the same variable instruction + Ssa::ssaFlow(nFrom, nodeTo) + or + not exists(nFrom.getAPredecessor()) and + exists(Node store | + Ssa::explicitWrite(_, store.asInstruction(), nFrom.getInstruction()) and + Ssa::ssaFlow(store, nodeTo) + ) + or + // Flow out of read nodes and into memory instructions if we cannot move any further through + // read nodes. + nFrom.isTerminal() and + ( + exists(Instruction load | + load = nodeTo.asInstruction() and + Ssa::getSourceAddress(load) = nFrom.getInstruction() + ) + or + exists(CallInstruction call, int i | + call.getArgument(i) = nodeTo.asInstruction() and + call.getArgument(i) = nFrom.getInstruction() + ) + ) + } +} + private module StoreNodeFlow { /** Holds if the store node `nodeTo` should receive flow from `nodeFrom`. */ predicate flowInto(Node nodeFrom, StoreNode nodeTo) { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll index b4cfa89c22f..bb6e3addf81 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll @@ -326,6 +326,16 @@ private module Cached { ) } + private predicate fromReadNode(ReadNode nodeFrom, Node nodeTo) { + exists(IRBlock bb1, int i1, IRBlock bb2, int i2, Use use1, Use use2 | + use1.hasRankInBlock(bb1, i1) and + use2.hasRankInBlock(bb2, i2) and + use1.getOperand().getDef() = nodeFrom.getInstruction() and + adjacentDefRead(_, bb1, i1, bb2, i2) and + flowOutOfAddressStep(use2.getOperand(), nodeTo) + ) + } + /** * Holds if `nodeFrom` is a read or write, and `nTo` is the next subsequent read of the variable * written (or read) by `storeOrRead`. @@ -337,9 +347,18 @@ private module Cached { or // Def-use flow from a `StoreNode` to an `OperandNode`. fromStoreNode(nodeFrom, nodeTo) + or + // Use-use flow from a `ReadNode` to an `OperandNode` + fromReadNode(nodeFrom, nodeTo) } private predicate flowOutOfAddressStep(Operand operand, Node nTo) { + // Flow into a read node + exists(ReadNode readNode | readNode = nTo | + readNode.isInitial() and + operand.getDef() = readNode.getInstruction() + ) + or exists(StoreNode storeNode, Instruction def | storeNode = nTo and def = operand.getDef() From 3a488574e59624e8e6301ff824a81139c1f58206 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 20 Oct 2021 15:19:31 +0100 Subject: [PATCH 06/70] C++: Rewrite the PartialDefinitionNode classes to match the new StoreNodes. --- .../cpp/ir/dataflow/internal/DataFlowUtil.qll | 147 +----- .../fields/partial-definition-diff.expected | 448 +++--------------- .../fields/partial-definition-ir.expected | 439 ++++++++++++++++- .../fields/partial-definition.expected | 4 + 4 files changed, 540 insertions(+), 498 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 6291362855c..f8b4f3b8df0 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -498,7 +498,7 @@ abstract class PostUpdateNode extends Node { * value, but does not necessarily replace it entirely. For example: * ``` * x.y = 1; // a partial definition of the object `x`. - * x.y.z = 1; // a partial definition of the object `x.y`. + * x.y.z = 1; // a partial definition of the object `x.y` and `x`. * x.setY(1); // a partial definition of the object `x`. * setY(&x); // a partial definition of the object `x`. * ``` @@ -507,135 +507,34 @@ abstract private class PartialDefinitionNode extends PostUpdateNode { abstract Expr getDefinedExpr(); } -private class ExplicitFieldStoreQualifierNode extends PartialDefinitionNode { - override ChiInstruction instr; - StoreInstruction store; - - ExplicitFieldStoreQualifierNode() { - not instr.isResultConflated() and - instr.getPartial() = store and - ( - instr.getUpdatedInterval(_, _) or - store.getDestinationAddress() instanceof FieldAddressInstruction - ) +private class FieldPartialDefinitionNode extends PartialDefinitionNode, StoreNodeInstr { + FieldPartialDefinitionNode() { + this.getInstruction() = any(FieldAddressInstruction fai).getObjectAddress() } - // By using an operand as the result of this predicate we avoid the dataflow inconsistency errors - // caused by having multiple nodes sharing the same pre update node. This inconsistency error can cause - // a tuple explosion in the big step dataflow relation since it can make many nodes be the entry node - // into a big step. - override Node getPreUpdateNode() { result.asOperand() = instr.getTotalOperand() } + override Node getPreUpdateNode() { result.asInstruction() = this.getInstruction() } + + override Expr getDefinedExpr() { result = this.getInstruction().getUnconvertedResultExpression() } + + override string toString() { result = PartialDefinitionNode.super.toString() } +} + +private class NonPartialDefinitionPostUpdate extends PostUpdateNode, StoreNodeInstr { + NonPartialDefinitionPostUpdate() { not this instanceof PartialDefinitionNode } + + override Node getPreUpdateNode() { result.asInstruction() = this.getInstruction() } + + override string toString() { result = PostUpdateNode.super.toString() } +} + +private class ArgumentPostUpdateNode extends PartialDefinitionNode, StoreNodeOperand { + override ArgumentNode getPreUpdateNode() { result.asOperand() = operand } override Expr getDefinedExpr() { - result = - store - .getDestinationAddress() - .(FieldAddressInstruction) - .getObjectAddress() - .getUnconvertedResultExpression() - } -} - -/** - * Not every store instruction generates a chi instruction that we can attach a PostUpdateNode to. - * For instance, an update to a field of a struct containing only one field. Even if the store does - * have a chi instruction, a subsequent use of the result of the store may be linked directly to the - * result of the store as an inexact definition if the store totally overlaps the use. For these - * cases we attach the PostUpdateNode to the store instruction. There's no obvious pre update node - * for this case (as the entire memory is updated), so `getPreUpdateNode` is implemented as - * `none()`. - */ -private class ExplicitSingleFieldStoreQualifierNode extends PartialDefinitionNode { - override StoreInstruction instr; - - ExplicitSingleFieldStoreQualifierNode() { - ( - instr.getAUse().isDefinitionInexact() - or - not exists(ChiInstruction chi | chi.getPartial() = instr) - ) and - // Without this condition any store would create a `PostUpdateNode`. - instr.getDestinationAddress() instanceof FieldAddressInstruction + result = this.getOperand().getDef().getUnconvertedResultExpression() } - override Node getPreUpdateNode() { none() } - - override Expr getDefinedExpr() { - result = - instr - .getDestinationAddress() - .(FieldAddressInstruction) - .getObjectAddress() - .getUnconvertedResultExpression() - } -} - -private FieldAddressInstruction getFieldInstruction(Instruction instr) { - result = instr or - result = instr.(CopyValueInstruction).getUnary() -} - -/** - * The target of a `fieldStoreStepAfterArraySuppression` store step, which is used to convert - * an `ArrayContent` to a `FieldContent` when the `WriteSideEffect` instruction stores - * into a field. See the QLDoc for `suppressArrayRead` for an example of where such a conversion - * is inserted. - */ -private class WriteSideEffectFieldStoreQualifierNode extends PartialDefinitionNode { - override ChiInstruction instr; - WriteSideEffectInstruction write; - FieldAddressInstruction field; - - WriteSideEffectFieldStoreQualifierNode() { - not instr.isResultConflated() and - instr.getPartial() = write and - field = getFieldInstruction(write.getDestinationAddress()) - } - - override Node getPreUpdateNode() { result.asOperand() = instr.getTotalOperand() } - - override Expr getDefinedExpr() { - result = field.getObjectAddress().getUnconvertedResultExpression() - } -} - -/** - * The `PostUpdateNode` that is the target of a `arrayStoreStepChi` store step. The overriden - * `ChiInstruction` corresponds to the instruction represented by `node2` in `arrayStoreStepChi`. - */ -private class ArrayStoreNode extends PartialDefinitionNode { - override ChiInstruction instr; - PointerAddInstruction add; - - ArrayStoreNode() { - not instr.isResultConflated() and - exists(StoreInstruction store | - instr.getPartial() = store and - add = store.getDestinationAddress() - ) - } - - override Node getPreUpdateNode() { result.asOperand() = instr.getTotalOperand() } - - override Expr getDefinedExpr() { result = add.getLeft().getUnconvertedResultExpression() } -} - -/** - * The `PostUpdateNode` that is the target of a `arrayStoreStepChi` store step. The overriden - * `ChiInstruction` corresponds to the instruction represented by `node2` in `arrayStoreStepChi`. - */ -private class PointerStoreNode extends PostUpdateNode { - override ChiInstruction instr; - - PointerStoreNode() { - not instr.isResultConflated() and - exists(StoreInstruction store | - instr.getPartial() = store and - store.getDestinationAddress().(CopyValueInstruction).getUnary() instanceof LoadInstruction - ) - } - - override Node getPreUpdateNode() { result.asOperand() = instr.getTotalOperand() } + override string toString() { result = PartialDefinitionNode.super.toString() } } /** diff --git a/cpp/ql/test/library-tests/dataflow/fields/partial-definition-diff.expected b/cpp/ql/test/library-tests/dataflow/fields/partial-definition-diff.expected index bd670c38ba5..a2eb9f15991 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/partial-definition-diff.expected +++ b/cpp/ql/test/library-tests/dataflow/fields/partial-definition-diff.expected @@ -1,152 +1,93 @@ | A.cpp:25:13:25:13 | c | AST only | | A.cpp:27:28:27:28 | c | AST only | -| A.cpp:31:20:31:20 | c | AST only | -| A.cpp:40:5:40:6 | cc | AST only | -| A.cpp:41:5:41:6 | ct | AST only | -| A.cpp:42:10:42:12 | & ... | AST only | -| A.cpp:43:10:43:12 | & ... | AST only | -| A.cpp:48:20:48:20 | c | AST only | -| A.cpp:49:10:49:10 | b | AST only | -| A.cpp:49:13:49:13 | c | AST only | -| A.cpp:55:5:55:5 | b | AST only | -| A.cpp:56:10:56:10 | b | AST only | -| A.cpp:56:13:56:15 | call to get | AST only | -| A.cpp:57:28:57:30 | call to get | AST only | -| A.cpp:64:10:64:15 | this | AST only | -| A.cpp:64:17:64:18 | b1 | AST only | -| A.cpp:65:10:65:11 | b1 | AST only | -| A.cpp:65:14:65:14 | c | AST only | -| A.cpp:66:10:66:11 | b2 | AST only | -| A.cpp:66:14:66:14 | c | AST only | -| A.cpp:73:10:73:19 | this | AST only | -| A.cpp:73:21:73:22 | b1 | AST only | -| A.cpp:74:10:74:11 | b1 | AST only | -| A.cpp:74:14:74:14 | c | AST only | -| A.cpp:75:10:75:11 | b2 | AST only | -| A.cpp:75:14:75:14 | c | AST only | -| A.cpp:81:10:81:15 | this | AST only | -| A.cpp:81:17:81:18 | b1 | AST only | -| A.cpp:81:21:81:21 | c | AST only | -| A.cpp:82:12:82:12 | this | AST only | -| A.cpp:87:9:87:9 | this | AST only | -| A.cpp:90:7:90:8 | b2 | AST only | -| A.cpp:90:15:90:15 | c | AST only | +| A.cpp:31:14:31:21 | new | IR only | +| A.cpp:40:8:40:13 | 0 | IR only | +| A.cpp:41:8:41:13 | new | IR only | +| A.cpp:41:15:41:21 | new | IR only | +| A.cpp:47:12:47:18 | new | IR only | +| A.cpp:54:12:54:18 | new | IR only | +| A.cpp:55:8:55:10 | new | IR only | +| A.cpp:55:12:55:19 | new | IR only | +| A.cpp:57:11:57:24 | new | IR only | +| A.cpp:57:11:57:24 | new | IR only | +| A.cpp:57:17:57:23 | new | IR only | +| A.cpp:57:28:57:30 | new | IR only | +| A.cpp:62:13:62:19 | new | IR only | +| A.cpp:64:10:64:15 | new | IR only | +| A.cpp:64:21:64:28 | new | IR only | +| A.cpp:71:13:71:19 | new | IR only | +| A.cpp:73:10:73:19 | new | IR only | +| A.cpp:73:25:73:32 | new | IR only | +| A.cpp:89:15:89:21 | new | IR only | +| A.cpp:99:14:99:21 | new | IR only | | A.cpp:100:9:100:9 | a | AST only | -| A.cpp:101:5:101:6 | this | AST only | -| A.cpp:101:8:101:9 | c1 | AST only | -| A.cpp:107:12:107:13 | c1 | AST only | -| A.cpp:107:16:107:16 | a | AST only | -| A.cpp:120:12:120:13 | c1 | AST only | -| A.cpp:120:16:120:16 | a | AST only | -| A.cpp:126:5:126:5 | b | AST only | -| A.cpp:131:5:131:6 | this | AST only | -| A.cpp:131:8:131:8 | b | AST only | -| A.cpp:132:10:132:10 | b | AST only | -| A.cpp:132:13:132:13 | c | AST only | +| A.cpp:116:12:116:19 | new | IR only | +| A.cpp:126:8:126:10 | new | IR only | +| A.cpp:126:12:126:18 | new | IR only | +| A.cpp:130:12:130:18 | new | IR only | | A.cpp:142:10:142:10 | c | AST only | +| A.cpp:142:14:142:20 | new | IR only | | A.cpp:143:13:143:13 | b | AST only | -| A.cpp:151:18:151:18 | b | AST only | -| A.cpp:151:21:151:21 | this | AST only | -| A.cpp:152:10:152:10 | d | AST only | -| A.cpp:152:13:152:13 | b | AST only | -| A.cpp:153:10:153:10 | d | AST only | -| A.cpp:153:13:153:13 | b | AST only | -| A.cpp:153:16:153:16 | c | AST only | -| A.cpp:154:10:154:10 | b | AST only | -| A.cpp:154:13:154:13 | c | AST only | -| A.cpp:160:29:160:29 | b | AST only | -| A.cpp:161:38:161:39 | l1 | AST only | -| A.cpp:162:38:162:39 | l2 | AST only | -| A.cpp:163:10:163:11 | l3 | AST only | -| A.cpp:163:14:163:17 | head | AST only | -| A.cpp:164:10:164:11 | l3 | AST only | -| A.cpp:164:14:164:17 | next | AST only | -| A.cpp:164:20:164:23 | head | AST only | -| A.cpp:165:10:165:11 | l3 | AST only | -| A.cpp:165:14:165:17 | next | AST only | -| A.cpp:165:20:165:23 | next | AST only | -| A.cpp:165:26:165:29 | head | AST only | -| A.cpp:166:10:166:11 | l3 | AST only | -| A.cpp:166:14:166:17 | next | AST only | -| A.cpp:166:20:166:23 | next | AST only | -| A.cpp:166:26:166:29 | next | AST only | -| A.cpp:166:32:166:35 | head | AST only | -| A.cpp:169:12:169:12 | l | AST only | -| A.cpp:169:15:169:18 | head | AST only | +| A.cpp:143:25:143:31 | new | IR only | +| A.cpp:150:12:150:18 | new | IR only | +| A.cpp:151:12:151:24 | new | IR only | +| A.cpp:159:12:159:18 | new | IR only | +| A.cpp:160:18:160:60 | new | IR only | +| A.cpp:160:18:160:60 | new | IR only | +| A.cpp:160:32:160:59 | 0 | IR only | +| A.cpp:160:32:160:59 | 0 | IR only | +| A.cpp:160:32:160:59 | new | IR only | +| A.cpp:161:18:161:40 | 0 | IR only | +| A.cpp:161:18:161:40 | new | IR only | +| A.cpp:162:18:162:40 | 0 | IR only | +| A.cpp:162:18:162:40 | new | IR only | | A.cpp:183:7:183:10 | head | AST only | | A.cpp:184:13:184:16 | next | AST only | -| B.cpp:7:25:7:25 | e | AST only | -| B.cpp:8:25:8:26 | b1 | AST only | -| B.cpp:9:10:9:11 | b2 | AST only | -| B.cpp:9:14:9:17 | box1 | AST only | -| B.cpp:9:20:9:24 | elem1 | AST only | -| B.cpp:10:10:10:11 | b2 | AST only | -| B.cpp:10:14:10:17 | box1 | AST only | -| B.cpp:10:20:10:24 | elem2 | AST only | -| B.cpp:16:37:16:37 | e | AST only | -| B.cpp:17:25:17:26 | b1 | AST only | -| B.cpp:18:10:18:11 | b2 | AST only | -| B.cpp:18:14:18:17 | box1 | AST only | -| B.cpp:18:20:18:24 | elem1 | AST only | -| B.cpp:19:10:19:11 | b2 | AST only | -| B.cpp:19:14:19:17 | box1 | AST only | -| B.cpp:19:20:19:24 | elem2 | AST only | +| B.cpp:7:16:7:35 | 0 | IR only | +| B.cpp:7:16:7:35 | new | IR only | +| B.cpp:8:16:8:27 | new | IR only | +| B.cpp:16:16:16:38 | 0 | IR only | +| B.cpp:16:16:16:38 | new | IR only | +| B.cpp:17:16:17:27 | new | IR only | | B.cpp:35:13:35:17 | elem1 | AST only | | B.cpp:36:13:36:17 | elem2 | AST only | | B.cpp:46:13:46:16 | box1 | AST only | -| C.cpp:19:5:19:5 | c | AST only | +| C.cpp:18:12:18:18 | new | IR only | | C.cpp:24:11:24:12 | s3 | AST only | +| C.cpp:30:5:30:8 | s2 | IR only | +| C.cpp:30:10:30:11 | this | IR only | +| C.cpp:32:5:32:8 | s4 | IR only | | D.cpp:9:21:9:24 | elem | AST only | | D.cpp:11:29:11:32 | elem | AST only | | D.cpp:16:21:16:23 | box | AST only | | D.cpp:18:29:18:31 | box | AST only | -| D.cpp:22:10:22:11 | b2 | AST only | -| D.cpp:22:14:22:20 | call to getBox1 | AST only | -| D.cpp:22:25:22:31 | call to getElem | AST only | -| D.cpp:30:5:30:5 | b | AST only | -| D.cpp:30:8:30:10 | box | AST only | +| D.cpp:29:15:29:41 | new | IR only | +| D.cpp:29:15:29:41 | new | IR only | +| D.cpp:29:24:29:40 | 0 | IR only | +| D.cpp:29:24:29:40 | new | IR only | | D.cpp:30:13:30:16 | elem | AST only | -| D.cpp:31:14:31:14 | b | AST only | -| D.cpp:37:5:37:5 | b | AST only | -| D.cpp:37:8:37:10 | box | AST only | -| D.cpp:37:21:37:21 | e | AST only | -| D.cpp:38:14:38:14 | b | AST only | -| D.cpp:44:5:44:5 | b | AST only | -| D.cpp:44:8:44:14 | call to getBox1 | AST only | +| D.cpp:36:15:36:41 | new | IR only | +| D.cpp:36:15:36:41 | new | IR only | +| D.cpp:36:24:36:40 | 0 | IR only | +| D.cpp:36:24:36:40 | new | IR only | +| D.cpp:43:15:43:41 | new | IR only | +| D.cpp:43:15:43:41 | new | IR only | +| D.cpp:43:24:43:40 | 0 | IR only | +| D.cpp:43:24:43:40 | new | IR only | | D.cpp:44:19:44:22 | elem | AST only | -| D.cpp:45:14:45:14 | b | AST only | -| D.cpp:51:5:51:5 | b | AST only | -| D.cpp:51:8:51:14 | call to getBox1 | AST only | -| D.cpp:51:27:51:27 | e | AST only | -| D.cpp:52:14:52:14 | b | AST only | +| D.cpp:50:15:50:41 | new | IR only | +| D.cpp:50:15:50:41 | new | IR only | +| D.cpp:50:24:50:40 | 0 | IR only | +| D.cpp:50:24:50:40 | new | IR only | | D.cpp:57:5:57:12 | boxfield | AST only | -| D.cpp:58:5:58:12 | boxfield | AST only | -| D.cpp:58:5:58:12 | this | AST only | -| D.cpp:58:15:58:17 | box | AST only | +| D.cpp:57:16:57:42 | new | IR only | +| D.cpp:57:16:57:42 | new | IR only | +| D.cpp:57:25:57:41 | 0 | IR only | +| D.cpp:57:25:57:41 | new | IR only | | D.cpp:58:20:58:23 | elem | AST only | -| D.cpp:59:5:59:7 | this | AST only | -| D.cpp:64:10:64:17 | boxfield | AST only | -| D.cpp:64:10:64:17 | this | AST only | -| D.cpp:64:20:64:22 | box | AST only | -| D.cpp:64:25:64:28 | elem | AST only | -| E.cpp:21:10:21:10 | p | AST only | -| E.cpp:21:13:21:16 | data | AST only | -| E.cpp:21:18:21:23 | buffer | AST only | -| E.cpp:28:21:28:23 | raw | AST only | -| E.cpp:29:21:29:21 | b | AST only | -| E.cpp:29:24:29:29 | buffer | AST only | -| E.cpp:30:21:30:21 | p | AST only | -| E.cpp:30:23:30:26 | data | AST only | -| E.cpp:30:28:30:33 | buffer | AST only | -| E.cpp:31:10:31:12 | raw | AST only | -| E.cpp:32:10:32:10 | b | AST only | -| E.cpp:32:13:32:18 | buffer | AST only | -| E.cpp:33:18:33:19 | & ... | AST only | | aliasing.cpp:9:6:9:7 | m1 | AST only | | aliasing.cpp:13:5:13:6 | m1 | AST only | | aliasing.cpp:17:5:17:6 | m1 | AST only | -| aliasing.cpp:25:17:25:19 | & ... | AST only | -| aliasing.cpp:26:19:26:20 | s2 | AST only | | aliasing.cpp:37:8:37:9 | m1 | AST only | | aliasing.cpp:42:6:42:7 | m1 | AST only | | aliasing.cpp:49:9:49:10 | m1 | AST only | @@ -155,291 +96,52 @@ | aliasing.cpp:72:5:72:6 | m1 | AST only | | aliasing.cpp:79:6:79:7 | m1 | AST only | | aliasing.cpp:86:5:86:6 | m1 | AST only | -| aliasing.cpp:92:3:92:3 | w | AST only | | aliasing.cpp:92:7:92:8 | m1 | AST only | | aliasing.cpp:98:5:98:6 | m1 | AST only | | aliasing.cpp:106:3:106:5 | * ... | AST only | -| aliasing.cpp:111:15:111:19 | & ... | AST only | -| aliasing.cpp:121:15:121:16 | xs | AST only | -| aliasing.cpp:126:15:126:20 | ... - ... | AST only | -| aliasing.cpp:131:15:131:16 | xs | AST only | -| aliasing.cpp:136:15:136:17 | + ... | AST only | -| aliasing.cpp:141:15:141:15 | s | AST only | -| aliasing.cpp:141:17:141:20 | data | AST only | -| aliasing.cpp:147:15:147:22 | & ... | AST only | -| aliasing.cpp:158:15:158:15 | s | AST only | -| aliasing.cpp:158:17:158:20 | data | AST only | -| aliasing.cpp:164:15:164:15 | s | AST only | -| aliasing.cpp:164:17:164:20 | data | AST only | -| aliasing.cpp:175:15:175:22 | & ... | AST only | -| aliasing.cpp:175:16:175:17 | s2 | AST only | -| aliasing.cpp:181:15:181:22 | & ... | AST only | -| aliasing.cpp:181:16:181:17 | s2 | AST only | -| aliasing.cpp:187:15:187:22 | & ... | AST only | -| aliasing.cpp:187:16:187:17 | s2 | AST only | -| aliasing.cpp:194:15:194:22 | & ... | AST only | -| aliasing.cpp:194:16:194:17 | s2 | AST only | -| aliasing.cpp:200:15:200:24 | & ... | AST only | -| aliasing.cpp:200:16:200:18 | ps2 | AST only | -| aliasing.cpp:205:15:205:24 | & ... | AST only | -| aliasing.cpp:205:16:205:18 | ps2 | AST only | | arrays.cpp:6:3:6:8 | access to array | AST only | -| arrays.cpp:6:3:6:23 | arr | IR only | +| arrays.cpp:7:3:7:6 | access to array | IR only | +| arrays.cpp:8:3:8:6 | access to array | IR only | +| arrays.cpp:9:3:9:6 | * ... | IR only | +| arrays.cpp:10:3:10:6 | * ... | IR only | | arrays.cpp:15:3:15:10 | * ... | AST only | -| arrays.cpp:36:3:36:3 | o | AST only | -| arrays.cpp:36:5:36:10 | nested | AST only | +| arrays.cpp:16:3:16:6 | access to array | IR only | +| arrays.cpp:17:3:17:6 | access to array | IR only | | arrays.cpp:36:19:36:22 | data | AST only | -| arrays.cpp:37:8:37:8 | o | AST only | -| arrays.cpp:37:8:37:22 | access to array | AST only | -| arrays.cpp:37:10:37:15 | nested | AST only | -| arrays.cpp:37:24:37:27 | data | AST only | -| arrays.cpp:38:8:38:8 | o | AST only | -| arrays.cpp:38:8:38:22 | access to array | AST only | -| arrays.cpp:38:10:38:15 | nested | AST only | -| arrays.cpp:38:24:38:27 | data | AST only | -| arrays.cpp:42:3:42:3 | o | AST only | -| arrays.cpp:42:3:42:20 | access to array | AST only | -| arrays.cpp:42:5:42:12 | indirect | AST only | | arrays.cpp:42:22:42:25 | data | AST only | -| arrays.cpp:43:8:43:8 | o | AST only | -| arrays.cpp:43:8:43:25 | access to array | AST only | -| arrays.cpp:43:10:43:17 | indirect | AST only | -| arrays.cpp:43:27:43:30 | data | AST only | -| arrays.cpp:44:8:44:8 | o | AST only | -| arrays.cpp:44:8:44:25 | access to array | AST only | -| arrays.cpp:44:10:44:17 | indirect | AST only | -| arrays.cpp:44:27:44:30 | data | AST only | -| arrays.cpp:48:3:48:3 | o | AST only | -| arrays.cpp:48:3:48:20 | access to array | AST only | -| arrays.cpp:48:5:48:12 | indirect | AST only | | arrays.cpp:48:22:48:25 | data | AST only | -| arrays.cpp:49:8:49:8 | o | AST only | -| arrays.cpp:49:8:49:25 | access to array | AST only | -| arrays.cpp:49:10:49:17 | indirect | AST only | -| arrays.cpp:49:27:49:30 | data | AST only | -| arrays.cpp:50:8:50:8 | o | AST only | -| arrays.cpp:50:8:50:25 | access to array | AST only | -| arrays.cpp:50:10:50:17 | indirect | AST only | -| arrays.cpp:50:27:50:30 | data | AST only | | by_reference.cpp:12:8:12:8 | a | AST only | | by_reference.cpp:16:11:16:11 | a | AST only | -| by_reference.cpp:20:5:20:8 | this | AST only | -| by_reference.cpp:20:23:20:27 | value | AST only | -| by_reference.cpp:24:19:24:22 | this | AST only | -| by_reference.cpp:24:25:24:29 | value | AST only | | by_reference.cpp:40:12:40:15 | this | AST only | -| by_reference.cpp:50:3:50:3 | s | AST only | -| by_reference.cpp:50:17:50:26 | call to user_input | AST only | | by_reference.cpp:51:8:51:8 | s | AST only | -| by_reference.cpp:51:10:51:20 | call to getDirectly | AST only | -| by_reference.cpp:56:3:56:3 | s | AST only | -| by_reference.cpp:56:19:56:28 | call to user_input | AST only | | by_reference.cpp:57:8:57:8 | s | AST only | -| by_reference.cpp:57:10:57:22 | call to getIndirectly | AST only | -| by_reference.cpp:62:3:62:3 | s | AST only | -| by_reference.cpp:62:25:62:34 | call to user_input | AST only | | by_reference.cpp:63:8:63:8 | s | AST only | -| by_reference.cpp:63:10:63:28 | call to getThroughNonMember | AST only | -| by_reference.cpp:68:17:68:18 | & ... | AST only | -| by_reference.cpp:68:21:68:30 | call to user_input | AST only | -| by_reference.cpp:69:8:69:20 | call to nonMemberGetA | AST only | | by_reference.cpp:84:10:84:10 | a | AST only | | by_reference.cpp:88:9:88:9 | a | AST only | | by_reference.cpp:92:3:92:5 | * ... | AST only | | by_reference.cpp:96:3:96:4 | pa | AST only | -| by_reference.cpp:102:21:102:39 | & ... | AST only | -| by_reference.cpp:103:21:103:25 | outer | AST only | -| by_reference.cpp:103:27:103:35 | inner_ptr | AST only | -| by_reference.cpp:104:15:104:22 | & ... | AST only | -| by_reference.cpp:106:21:106:41 | & ... | AST only | -| by_reference.cpp:107:21:107:26 | pouter | AST only | -| by_reference.cpp:107:29:107:37 | inner_ptr | AST only | -| by_reference.cpp:108:15:108:24 | & ... | AST only | -| by_reference.cpp:110:8:110:12 | outer | AST only | -| by_reference.cpp:110:14:110:25 | inner_nested | AST only | -| by_reference.cpp:110:27:110:27 | a | AST only | -| by_reference.cpp:111:8:111:12 | outer | AST only | -| by_reference.cpp:111:14:111:22 | inner_ptr | AST only | -| by_reference.cpp:111:25:111:25 | a | AST only | -| by_reference.cpp:112:8:112:12 | outer | AST only | -| by_reference.cpp:112:14:112:14 | a | AST only | -| by_reference.cpp:114:8:114:13 | pouter | AST only | -| by_reference.cpp:114:16:114:27 | inner_nested | AST only | -| by_reference.cpp:114:29:114:29 | a | AST only | -| by_reference.cpp:115:8:115:13 | pouter | AST only | -| by_reference.cpp:115:16:115:24 | inner_ptr | AST only | -| by_reference.cpp:115:27:115:27 | a | AST only | -| by_reference.cpp:116:8:116:13 | pouter | AST only | -| by_reference.cpp:116:16:116:16 | a | AST only | -| by_reference.cpp:122:27:122:38 | inner_nested | AST only | -| by_reference.cpp:123:21:123:36 | * ... | AST only | -| by_reference.cpp:123:22:123:26 | outer | AST only | -| by_reference.cpp:124:21:124:21 | a | AST only | -| by_reference.cpp:126:29:126:40 | inner_nested | AST only | -| by_reference.cpp:127:21:127:38 | * ... | AST only | -| by_reference.cpp:127:22:127:27 | pouter | AST only | -| by_reference.cpp:128:23:128:23 | a | AST only | -| by_reference.cpp:130:8:130:12 | outer | AST only | -| by_reference.cpp:130:14:130:25 | inner_nested | AST only | -| by_reference.cpp:130:27:130:27 | a | AST only | -| by_reference.cpp:131:8:131:12 | outer | AST only | -| by_reference.cpp:131:14:131:22 | inner_ptr | AST only | -| by_reference.cpp:131:25:131:25 | a | AST only | -| by_reference.cpp:132:8:132:12 | outer | AST only | -| by_reference.cpp:132:14:132:14 | a | AST only | -| by_reference.cpp:134:8:134:13 | pouter | AST only | -| by_reference.cpp:134:16:134:27 | inner_nested | AST only | -| by_reference.cpp:134:29:134:29 | a | AST only | -| by_reference.cpp:135:8:135:13 | pouter | AST only | -| by_reference.cpp:135:16:135:24 | inner_ptr | AST only | -| by_reference.cpp:135:27:135:27 | a | AST only | -| by_reference.cpp:136:8:136:13 | pouter | AST only | -| by_reference.cpp:136:16:136:16 | a | AST only | | complex.cpp:11:22:11:23 | a_ | AST only | | complex.cpp:12:22:12:23 | b_ | AST only | -| complex.cpp:42:8:42:8 | b | AST only | -| complex.cpp:42:16:42:16 | f | AST only | -| complex.cpp:43:8:43:8 | b | AST only | -| complex.cpp:43:16:43:16 | f | AST only | -| complex.cpp:53:3:53:4 | b1 | AST only | -| complex.cpp:53:12:53:12 | f | AST only | -| complex.cpp:54:3:54:4 | b2 | AST only | -| complex.cpp:54:12:54:12 | f | AST only | -| complex.cpp:55:3:55:4 | b3 | AST only | -| complex.cpp:55:12:55:12 | f | AST only | -| complex.cpp:56:3:56:4 | b3 | AST only | -| complex.cpp:56:12:56:12 | f | AST only | -| complex.cpp:59:7:59:8 | b1 | AST only | -| complex.cpp:62:7:62:8 | b2 | AST only | -| complex.cpp:65:7:65:8 | b3 | AST only | -| complex.cpp:68:7:68:8 | b4 | AST only | | conflated.cpp:10:3:10:7 | * ... | AST only | -| conflated.cpp:10:4:10:5 | ra | AST only | -| conflated.cpp:19:19:19:21 | raw | AST only | -| conflated.cpp:20:8:20:10 | raw | AST only | -| conflated.cpp:29:3:29:4 | pa | AST only | | conflated.cpp:29:7:29:7 | x | AST only | -| conflated.cpp:36:3:36:4 | pa | AST only | | conflated.cpp:36:7:36:7 | x | AST only | | conflated.cpp:53:7:53:10 | next | AST only | -| conflated.cpp:54:3:54:4 | ll | AST only | -| conflated.cpp:54:7:54:10 | next | AST only | | conflated.cpp:54:13:54:13 | y | AST only | -| conflated.cpp:59:35:59:38 | next | AST only | -| conflated.cpp:60:3:60:4 | ll | AST only | -| conflated.cpp:60:7:60:10 | next | AST only | +| conflated.cpp:59:20:59:39 | new | IR only | | conflated.cpp:60:13:60:13 | y | AST only | | constructors.cpp:20:24:20:25 | a_ | AST only | | constructors.cpp:21:24:21:25 | b_ | AST only | -| constructors.cpp:28:10:28:10 | f | AST only | -| constructors.cpp:29:10:29:10 | f | AST only | -| constructors.cpp:40:9:40:9 | f | AST only | -| constructors.cpp:43:9:43:9 | g | AST only | -| constructors.cpp:46:9:46:9 | h | AST only | -| constructors.cpp:49:9:49:9 | i | AST only | | qualifiers.cpp:9:36:9:36 | a | AST only | | qualifiers.cpp:12:56:12:56 | a | AST only | | qualifiers.cpp:13:57:13:57 | a | AST only | -| qualifiers.cpp:22:5:22:9 | outer | AST only | -| qualifiers.cpp:22:11:22:18 | call to getInner | AST only | | qualifiers.cpp:22:23:22:23 | a | AST only | -| qualifiers.cpp:23:10:23:14 | outer | AST only | -| qualifiers.cpp:23:16:23:20 | inner | AST only | -| qualifiers.cpp:23:23:23:23 | a | AST only | -| qualifiers.cpp:27:5:27:9 | outer | AST only | -| qualifiers.cpp:27:11:27:18 | call to getInner | AST only | -| qualifiers.cpp:27:28:27:37 | call to user_input | AST only | -| qualifiers.cpp:28:10:28:14 | outer | AST only | -| qualifiers.cpp:28:16:28:20 | inner | AST only | -| qualifiers.cpp:28:23:28:23 | a | AST only | -| qualifiers.cpp:32:17:32:21 | outer | AST only | -| qualifiers.cpp:32:23:32:30 | call to getInner | AST only | -| qualifiers.cpp:32:35:32:44 | call to user_input | AST only | -| qualifiers.cpp:33:10:33:14 | outer | AST only | -| qualifiers.cpp:33:16:33:20 | inner | AST only | -| qualifiers.cpp:33:23:33:23 | a | AST only | -| qualifiers.cpp:37:19:37:35 | * ... | AST only | -| qualifiers.cpp:37:20:37:24 | outer | AST only | -| qualifiers.cpp:37:38:37:47 | call to user_input | AST only | -| qualifiers.cpp:38:10:38:14 | outer | AST only | -| qualifiers.cpp:38:16:38:20 | inner | AST only | -| qualifiers.cpp:38:23:38:23 | a | AST only | -| qualifiers.cpp:42:6:42:22 | * ... | AST only | -| qualifiers.cpp:42:7:42:11 | outer | AST only | | qualifiers.cpp:42:25:42:25 | a | AST only | -| qualifiers.cpp:43:10:43:14 | outer | AST only | -| qualifiers.cpp:43:16:43:20 | inner | AST only | -| qualifiers.cpp:43:23:43:23 | a | AST only | -| qualifiers.cpp:47:6:47:11 | & ... | AST only | -| qualifiers.cpp:47:15:47:22 | call to getInner | AST only | | qualifiers.cpp:47:27:47:27 | a | AST only | -| qualifiers.cpp:48:10:48:14 | outer | AST only | -| qualifiers.cpp:48:16:48:20 | inner | AST only | -| qualifiers.cpp:48:23:48:23 | a | AST only | | realistic.cpp:26:5:26:10 | offset | AST only | -| realistic.cpp:42:20:42:20 | o | AST only | -| realistic.cpp:49:9:49:11 | foo | AST only | | realistic.cpp:49:20:49:22 | baz | AST only | -| realistic.cpp:53:9:53:11 | foo | AST only | -| realistic.cpp:53:9:53:18 | access to array | AST only | -| realistic.cpp:53:20:53:22 | baz | AST only | -| realistic.cpp:53:25:53:33 | userInput | AST only | | realistic.cpp:53:35:53:43 | bufferLen | AST only | -| realistic.cpp:54:16:54:18 | foo | AST only | -| realistic.cpp:54:16:54:25 | access to array | AST only | -| realistic.cpp:54:27:54:29 | baz | AST only | -| realistic.cpp:54:32:54:40 | userInput | AST only | -| realistic.cpp:54:42:54:47 | buffer | AST only | -| realistic.cpp:60:16:60:18 | dst | AST only | -| realistic.cpp:61:21:61:23 | foo | AST only | -| realistic.cpp:61:21:61:30 | access to array | AST only | -| realistic.cpp:61:32:61:34 | baz | AST only | -| realistic.cpp:61:37:61:45 | userInput | AST only | -| realistic.cpp:61:47:61:55 | bufferLen | AST only | -| realistic.cpp:65:21:65:23 | foo | AST only | -| realistic.cpp:65:21:65:30 | access to array | AST only | -| realistic.cpp:65:32:65:34 | baz | AST only | -| realistic.cpp:65:37:65:45 | userInput | AST only | -| realistic.cpp:65:47:65:52 | buffer | AST only | -| realistic.cpp:66:21:66:23 | dst | AST only | | simple.cpp:20:24:20:25 | a_ | AST only | | simple.cpp:21:24:21:25 | b_ | AST only | -| simple.cpp:28:10:28:10 | f | AST only | -| simple.cpp:29:10:29:10 | f | AST only | -| simple.cpp:39:5:39:5 | f | AST only | -| simple.cpp:40:5:40:5 | g | AST only | -| simple.cpp:41:5:41:5 | h | AST only | -| simple.cpp:42:5:42:5 | h | AST only | -| simple.cpp:45:9:45:9 | f | AST only | -| simple.cpp:48:9:48:9 | g | AST only | -| simple.cpp:51:9:51:9 | h | AST only | -| simple.cpp:54:9:54:9 | i | AST only | | simple.cpp:65:7:65:7 | i | AST only | -| simple.cpp:83:9:83:10 | this | AST only | | simple.cpp:83:12:83:13 | f1 | AST only | -| simple.cpp:84:14:84:20 | this | AST only | | simple.cpp:92:7:92:7 | i | AST only | -| struct_init.c:15:8:15:9 | ab | AST only | -| struct_init.c:15:12:15:12 | a | AST only | -| struct_init.c:16:8:16:9 | ab | AST only | -| struct_init.c:16:12:16:12 | b | AST only | -| struct_init.c:22:8:22:9 | ab | AST only | -| struct_init.c:22:11:22:11 | a | AST only | -| struct_init.c:23:8:23:9 | ab | AST only | -| struct_init.c:23:11:23:11 | b | AST only | -| struct_init.c:24:10:24:12 | & ... | AST only | -| struct_init.c:31:8:31:12 | outer | AST only | -| struct_init.c:31:14:31:21 | nestedAB | AST only | -| struct_init.c:31:23:31:23 | a | AST only | -| struct_init.c:32:8:32:12 | outer | AST only | -| struct_init.c:32:14:32:21 | nestedAB | AST only | -| struct_init.c:32:23:32:23 | b | AST only | -| struct_init.c:33:8:33:12 | outer | AST only | -| struct_init.c:33:14:33:22 | pointerAB | AST only | -| struct_init.c:33:25:33:25 | a | AST only | -| struct_init.c:34:8:34:12 | outer | AST only | -| struct_init.c:34:14:34:22 | pointerAB | AST only | -| struct_init.c:34:25:34:25 | b | AST only | -| struct_init.c:36:10:36:24 | & ... | AST only | -| struct_init.c:46:10:46:14 | outer | AST only | -| struct_init.c:46:16:46:24 | pointerAB | AST only | diff --git a/cpp/ql/test/library-tests/dataflow/fields/partial-definition-ir.expected b/cpp/ql/test/library-tests/dataflow/fields/partial-definition-ir.expected index 294c46a5694..8ed0e3c4032 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/partial-definition-ir.expected +++ b/cpp/ql/test/library-tests/dataflow/fields/partial-definition-ir.expected @@ -1,22 +1,208 @@ | A.cpp:25:7:25:10 | this | | A.cpp:27:22:27:25 | this | +| A.cpp:31:14:31:21 | new | +| A.cpp:31:20:31:20 | c | +| A.cpp:40:5:40:6 | cc | +| A.cpp:40:15:40:21 | 0 | +| A.cpp:41:5:41:6 | ct | +| A.cpp:41:15:41:21 | new | +| A.cpp:42:10:42:12 | & ... | +| A.cpp:43:10:43:12 | & ... | +| A.cpp:47:12:47:18 | new | +| A.cpp:48:20:48:20 | c | +| A.cpp:49:10:49:10 | b | +| A.cpp:49:13:49:13 | c | +| A.cpp:54:12:54:18 | new | +| A.cpp:55:5:55:5 | b | +| A.cpp:55:12:55:19 | new | +| A.cpp:56:10:56:10 | b | +| A.cpp:56:13:56:15 | call to get | +| A.cpp:57:11:57:24 | new | +| A.cpp:57:17:57:23 | new | +| A.cpp:57:28:57:30 | call to get | +| A.cpp:62:13:62:19 | new | +| A.cpp:64:10:64:15 | this | +| A.cpp:64:17:64:18 | b1 | +| A.cpp:64:21:64:28 | new | +| A.cpp:65:10:65:11 | b1 | +| A.cpp:65:14:65:14 | c | +| A.cpp:66:10:66:11 | b2 | +| A.cpp:66:14:66:14 | c | +| A.cpp:71:13:71:19 | new | +| A.cpp:73:10:73:19 | this | +| A.cpp:73:21:73:22 | b1 | +| A.cpp:73:25:73:32 | new | +| A.cpp:74:10:74:11 | b1 | +| A.cpp:74:14:74:14 | c | +| A.cpp:75:10:75:11 | b2 | +| A.cpp:75:14:75:14 | c | +| A.cpp:81:10:81:15 | this | +| A.cpp:81:17:81:18 | b1 | +| A.cpp:81:21:81:21 | c | +| A.cpp:82:12:82:12 | this | +| A.cpp:87:9:87:9 | this | +| A.cpp:89:15:89:21 | new | +| A.cpp:90:7:90:8 | b2 | +| A.cpp:90:15:90:15 | c | +| A.cpp:99:14:99:21 | new | | A.cpp:100:5:100:6 | c1 | +| A.cpp:101:5:101:6 | this | +| A.cpp:101:8:101:9 | c1 | +| A.cpp:107:12:107:13 | c1 | +| A.cpp:107:16:107:16 | a | +| A.cpp:116:12:116:19 | new | +| A.cpp:120:12:120:13 | c1 | +| A.cpp:120:16:120:16 | a | +| A.cpp:126:5:126:5 | b | +| A.cpp:126:12:126:18 | new | +| A.cpp:130:12:130:18 | new | +| A.cpp:131:5:131:6 | this | +| A.cpp:131:8:131:8 | b | +| A.cpp:132:10:132:10 | b | +| A.cpp:132:13:132:13 | c | | A.cpp:142:7:142:7 | b | +| A.cpp:142:14:142:20 | new | | A.cpp:143:7:143:10 | this | +| A.cpp:143:25:143:31 | new | +| A.cpp:150:12:150:18 | new | +| A.cpp:151:12:151:24 | new | +| A.cpp:151:18:151:18 | b | +| A.cpp:151:21:151:21 | this | +| A.cpp:152:10:152:10 | d | +| A.cpp:152:13:152:13 | b | +| A.cpp:153:10:153:10 | d | +| A.cpp:153:13:153:13 | b | +| A.cpp:153:16:153:16 | c | +| A.cpp:154:10:154:10 | b | +| A.cpp:154:13:154:13 | c | +| A.cpp:159:12:159:18 | new | +| A.cpp:160:18:160:60 | new | +| A.cpp:160:29:160:29 | b | +| A.cpp:160:32:160:59 | new | +| A.cpp:160:43:160:49 | 0 | +| A.cpp:160:52:160:58 | 0 | +| A.cpp:161:18:161:40 | new | +| A.cpp:161:29:161:35 | 0 | +| A.cpp:161:38:161:39 | l1 | +| A.cpp:162:18:162:40 | new | +| A.cpp:162:29:162:35 | 0 | +| A.cpp:162:38:162:39 | l2 | +| A.cpp:163:10:163:11 | l3 | +| A.cpp:163:14:163:17 | head | +| A.cpp:164:10:164:11 | l3 | +| A.cpp:164:14:164:17 | next | +| A.cpp:164:20:164:23 | head | +| A.cpp:165:10:165:11 | l3 | +| A.cpp:165:14:165:17 | next | +| A.cpp:165:20:165:23 | next | +| A.cpp:165:26:165:29 | head | +| A.cpp:166:10:166:11 | l3 | +| A.cpp:166:14:166:17 | next | +| A.cpp:166:20:166:23 | next | +| A.cpp:166:26:166:29 | next | +| A.cpp:166:32:166:35 | head | +| A.cpp:169:12:169:12 | l | +| A.cpp:169:15:169:18 | head | | A.cpp:183:7:183:10 | this | | A.cpp:184:7:184:10 | this | +| B.cpp:7:16:7:35 | new | +| B.cpp:7:25:7:25 | e | +| B.cpp:7:28:7:34 | 0 | +| B.cpp:8:16:8:27 | new | +| B.cpp:8:25:8:26 | b1 | +| B.cpp:9:10:9:11 | b2 | +| B.cpp:9:14:9:17 | box1 | +| B.cpp:9:20:9:24 | elem1 | +| B.cpp:10:10:10:11 | b2 | +| B.cpp:10:14:10:17 | box1 | +| B.cpp:10:20:10:24 | elem2 | +| B.cpp:16:16:16:38 | new | +| B.cpp:16:28:16:34 | 0 | +| B.cpp:16:37:16:37 | e | +| B.cpp:17:16:17:27 | new | +| B.cpp:17:25:17:26 | b1 | +| B.cpp:18:10:18:11 | b2 | +| B.cpp:18:14:18:17 | box1 | +| B.cpp:18:20:18:24 | elem1 | +| B.cpp:19:10:19:11 | b2 | +| B.cpp:19:14:19:17 | box1 | +| B.cpp:19:20:19:24 | elem2 | | B.cpp:35:7:35:10 | this | | B.cpp:36:7:36:10 | this | | B.cpp:46:7:46:10 | this | +| C.cpp:18:12:18:18 | new | +| C.cpp:19:5:19:5 | c | | C.cpp:24:5:24:8 | this | +| C.cpp:29:10:29:11 | s1 | +| C.cpp:29:10:29:11 | this | +| C.cpp:30:10:30:11 | s2 | +| C.cpp:30:10:30:11 | this | +| C.cpp:31:10:31:11 | s3 | +| C.cpp:31:10:31:11 | this | +| C.cpp:32:10:32:11 | s4 | | D.cpp:9:21:9:24 | this | | D.cpp:11:29:11:32 | this | | D.cpp:16:21:16:23 | this | | D.cpp:18:29:18:31 | this | +| D.cpp:22:10:22:11 | b2 | +| D.cpp:22:14:22:20 | call to getBox1 | +| D.cpp:22:25:22:31 | call to getElem | +| D.cpp:29:15:29:41 | new | +| D.cpp:29:24:29:40 | new | +| D.cpp:29:33:29:39 | 0 | +| D.cpp:30:5:30:5 | b | +| D.cpp:30:8:30:10 | box | +| D.cpp:31:14:31:14 | b | +| D.cpp:36:15:36:41 | new | +| D.cpp:36:24:36:40 | new | +| D.cpp:36:33:36:39 | 0 | +| D.cpp:37:5:37:5 | b | +| D.cpp:37:8:37:10 | box | +| D.cpp:37:21:37:21 | e | +| D.cpp:38:14:38:14 | b | +| D.cpp:43:15:43:41 | new | +| D.cpp:43:24:43:40 | new | +| D.cpp:43:33:43:39 | 0 | +| D.cpp:44:5:44:5 | b | +| D.cpp:44:8:44:14 | call to getBox1 | +| D.cpp:45:14:45:14 | b | +| D.cpp:50:15:50:41 | new | +| D.cpp:50:24:50:40 | new | +| D.cpp:50:33:50:39 | 0 | +| D.cpp:51:5:51:5 | b | +| D.cpp:51:8:51:14 | call to getBox1 | +| D.cpp:51:27:51:27 | e | +| D.cpp:52:14:52:14 | b | | D.cpp:57:5:57:12 | this | +| D.cpp:57:16:57:42 | new | +| D.cpp:57:25:57:41 | new | +| D.cpp:57:34:57:40 | 0 | +| D.cpp:58:5:58:12 | boxfield | +| D.cpp:58:5:58:12 | this | +| D.cpp:58:15:58:17 | box | +| D.cpp:59:5:59:7 | this | +| D.cpp:64:10:64:17 | boxfield | +| D.cpp:64:10:64:17 | this | +| D.cpp:64:20:64:22 | box | +| D.cpp:64:25:64:28 | elem | +| E.cpp:21:10:21:10 | p | +| E.cpp:21:13:21:16 | data | +| E.cpp:21:18:21:23 | buffer | +| E.cpp:28:21:28:23 | raw | +| E.cpp:29:21:29:21 | b | +| E.cpp:29:24:29:29 | buffer | +| E.cpp:30:21:30:21 | p | +| E.cpp:30:23:30:26 | data | +| E.cpp:30:28:30:33 | buffer | +| E.cpp:31:10:31:12 | raw | +| E.cpp:32:10:32:10 | b | +| E.cpp:32:13:32:18 | buffer | +| E.cpp:33:18:33:19 | & ... | | aliasing.cpp:9:3:9:3 | s | | aliasing.cpp:13:3:13:3 | s | | aliasing.cpp:17:3:17:3 | s | +| aliasing.cpp:25:17:25:19 | & ... | +| aliasing.cpp:26:19:26:20 | s2 | | aliasing.cpp:37:3:37:6 | ref1 | | aliasing.cpp:42:3:42:4 | s2 | | aliasing.cpp:49:3:49:7 | copy1 | @@ -25,48 +211,299 @@ | aliasing.cpp:72:3:72:3 | s | | aliasing.cpp:79:3:79:3 | s | | aliasing.cpp:86:3:86:3 | s | +| aliasing.cpp:92:3:92:3 | w | | aliasing.cpp:92:5:92:5 | s | | aliasing.cpp:98:3:98:3 | s | +| aliasing.cpp:111:15:111:19 | & ... | | aliasing.cpp:111:16:111:16 | s | +| aliasing.cpp:121:15:121:16 | xs | +| aliasing.cpp:126:15:126:20 | ... - ... | +| aliasing.cpp:131:15:131:16 | xs | +| aliasing.cpp:136:15:136:17 | + ... | +| aliasing.cpp:141:15:141:15 | s | +| aliasing.cpp:141:17:141:20 | data | +| aliasing.cpp:147:15:147:22 | & ... | | aliasing.cpp:147:16:147:19 | access to array | +| aliasing.cpp:158:15:158:15 | s | +| aliasing.cpp:158:17:158:20 | data | +| aliasing.cpp:164:15:164:15 | s | +| aliasing.cpp:164:17:164:20 | data | +| aliasing.cpp:175:15:175:22 | & ... | +| aliasing.cpp:175:16:175:17 | s2 | | aliasing.cpp:175:19:175:19 | s | +| aliasing.cpp:181:15:181:22 | & ... | +| aliasing.cpp:181:16:181:17 | s2 | | aliasing.cpp:181:19:181:19 | s | +| aliasing.cpp:187:15:187:22 | & ... | +| aliasing.cpp:187:16:187:17 | s2 | | aliasing.cpp:187:19:187:19 | s | +| aliasing.cpp:194:15:194:22 | & ... | +| aliasing.cpp:194:16:194:17 | s2 | | aliasing.cpp:194:19:194:19 | s | +| aliasing.cpp:200:15:200:24 | & ... | +| aliasing.cpp:200:16:200:18 | ps2 | | aliasing.cpp:200:21:200:21 | s | +| aliasing.cpp:205:15:205:24 | & ... | +| aliasing.cpp:205:16:205:18 | ps2 | | aliasing.cpp:205:21:205:21 | s | -| arrays.cpp:6:3:6:5 | arr | +| arrays.cpp:7:8:7:13 | access to array | +| arrays.cpp:8:8:8:13 | access to array | +| arrays.cpp:9:8:9:11 | * ... | +| arrays.cpp:10:8:10:15 | * ... | +| arrays.cpp:16:8:16:13 | access to array | +| arrays.cpp:17:8:17:13 | access to array | +| arrays.cpp:36:3:36:3 | o | | arrays.cpp:36:3:36:17 | access to array | +| arrays.cpp:36:5:36:10 | nested | +| arrays.cpp:37:8:37:8 | o | +| arrays.cpp:37:8:37:22 | access to array | +| arrays.cpp:37:10:37:15 | nested | +| arrays.cpp:37:24:37:27 | data | +| arrays.cpp:38:8:38:8 | o | +| arrays.cpp:38:8:38:22 | access to array | +| arrays.cpp:38:10:38:15 | nested | +| arrays.cpp:38:24:38:27 | data | +| arrays.cpp:42:3:42:3 | o | +| arrays.cpp:42:3:42:20 | access to array | +| arrays.cpp:42:5:42:12 | indirect | +| arrays.cpp:43:8:43:8 | o | +| arrays.cpp:43:8:43:25 | access to array | +| arrays.cpp:43:10:43:17 | indirect | +| arrays.cpp:43:27:43:30 | data | +| arrays.cpp:44:8:44:8 | o | +| arrays.cpp:44:8:44:25 | access to array | +| arrays.cpp:44:10:44:17 | indirect | +| arrays.cpp:44:27:44:30 | data | +| arrays.cpp:48:3:48:3 | o | +| arrays.cpp:48:3:48:20 | access to array | +| arrays.cpp:48:5:48:12 | indirect | +| arrays.cpp:49:8:49:8 | o | +| arrays.cpp:49:8:49:25 | access to array | +| arrays.cpp:49:10:49:17 | indirect | +| arrays.cpp:49:27:49:30 | data | +| arrays.cpp:50:8:50:8 | o | +| arrays.cpp:50:8:50:25 | access to array | +| arrays.cpp:50:10:50:17 | indirect | +| arrays.cpp:50:27:50:30 | data | | by_reference.cpp:12:5:12:5 | s | | by_reference.cpp:16:5:16:8 | this | +| by_reference.cpp:20:5:20:8 | this | +| by_reference.cpp:20:23:20:27 | value | +| by_reference.cpp:24:19:24:22 | this | +| by_reference.cpp:24:25:24:29 | value | +| by_reference.cpp:50:3:50:3 | s | +| by_reference.cpp:50:17:50:26 | call to user_input | +| by_reference.cpp:51:10:51:20 | call to getDirectly | +| by_reference.cpp:56:3:56:3 | s | +| by_reference.cpp:56:19:56:28 | call to user_input | +| by_reference.cpp:57:10:57:22 | call to getIndirectly | +| by_reference.cpp:62:3:62:3 | s | +| by_reference.cpp:62:25:62:34 | call to user_input | +| by_reference.cpp:63:10:63:28 | call to getThroughNonMember | +| by_reference.cpp:68:17:68:18 | & ... | +| by_reference.cpp:68:21:68:30 | call to user_input | +| by_reference.cpp:69:8:69:20 | call to nonMemberGetA | | by_reference.cpp:84:3:84:7 | inner | | by_reference.cpp:88:3:88:7 | inner | +| by_reference.cpp:102:21:102:39 | & ... | | by_reference.cpp:102:22:102:26 | outer | +| by_reference.cpp:103:21:103:25 | outer | +| by_reference.cpp:103:27:103:35 | inner_ptr | +| by_reference.cpp:104:15:104:22 | & ... | | by_reference.cpp:104:16:104:20 | outer | +| by_reference.cpp:106:21:106:41 | & ... | | by_reference.cpp:106:22:106:27 | pouter | +| by_reference.cpp:107:21:107:26 | pouter | +| by_reference.cpp:107:29:107:37 | inner_ptr | +| by_reference.cpp:108:15:108:24 | & ... | | by_reference.cpp:108:16:108:21 | pouter | +| by_reference.cpp:110:8:110:12 | outer | +| by_reference.cpp:110:14:110:25 | inner_nested | +| by_reference.cpp:110:27:110:27 | a | +| by_reference.cpp:111:8:111:12 | outer | +| by_reference.cpp:111:14:111:22 | inner_ptr | +| by_reference.cpp:111:25:111:25 | a | +| by_reference.cpp:112:8:112:12 | outer | +| by_reference.cpp:112:14:112:14 | a | +| by_reference.cpp:114:8:114:13 | pouter | +| by_reference.cpp:114:16:114:27 | inner_nested | +| by_reference.cpp:114:29:114:29 | a | +| by_reference.cpp:115:8:115:13 | pouter | +| by_reference.cpp:115:16:115:24 | inner_ptr | +| by_reference.cpp:115:27:115:27 | a | +| by_reference.cpp:116:8:116:13 | pouter | +| by_reference.cpp:116:16:116:16 | a | | by_reference.cpp:122:21:122:25 | outer | +| by_reference.cpp:122:27:122:38 | inner_nested | +| by_reference.cpp:123:21:123:36 | * ... | +| by_reference.cpp:123:22:123:26 | outer | | by_reference.cpp:124:15:124:19 | outer | +| by_reference.cpp:124:21:124:21 | a | | by_reference.cpp:126:21:126:26 | pouter | +| by_reference.cpp:126:29:126:40 | inner_nested | +| by_reference.cpp:127:21:127:38 | * ... | +| by_reference.cpp:127:22:127:27 | pouter | | by_reference.cpp:128:15:128:20 | pouter | +| by_reference.cpp:128:23:128:23 | a | +| by_reference.cpp:130:8:130:12 | outer | +| by_reference.cpp:130:14:130:25 | inner_nested | +| by_reference.cpp:130:27:130:27 | a | +| by_reference.cpp:131:8:131:12 | outer | +| by_reference.cpp:131:14:131:22 | inner_ptr | +| by_reference.cpp:131:25:131:25 | a | +| by_reference.cpp:132:8:132:12 | outer | +| by_reference.cpp:132:14:132:14 | a | +| by_reference.cpp:134:8:134:13 | pouter | +| by_reference.cpp:134:16:134:27 | inner_nested | +| by_reference.cpp:134:29:134:29 | a | +| by_reference.cpp:135:8:135:13 | pouter | +| by_reference.cpp:135:16:135:24 | inner_ptr | +| by_reference.cpp:135:27:135:27 | a | +| by_reference.cpp:136:8:136:13 | pouter | +| by_reference.cpp:136:16:136:16 | a | | complex.cpp:11:22:11:23 | this | | complex.cpp:12:22:12:23 | this | +| complex.cpp:42:8:42:8 | b | | complex.cpp:42:10:42:14 | inner | +| complex.cpp:42:16:42:16 | f | +| complex.cpp:43:8:43:8 | b | | complex.cpp:43:10:43:14 | inner | +| complex.cpp:43:16:43:16 | f | +| complex.cpp:53:3:53:4 | b1 | | complex.cpp:53:6:53:10 | inner | +| complex.cpp:53:12:53:12 | f | +| complex.cpp:54:3:54:4 | b2 | | complex.cpp:54:6:54:10 | inner | +| complex.cpp:54:12:54:12 | f | +| complex.cpp:55:3:55:4 | b3 | | complex.cpp:55:6:55:10 | inner | +| complex.cpp:55:12:55:12 | f | +| complex.cpp:56:3:56:4 | b3 | | complex.cpp:56:6:56:10 | inner | +| complex.cpp:56:12:56:12 | f | +| complex.cpp:59:7:59:8 | b1 | +| complex.cpp:62:7:62:8 | b2 | +| complex.cpp:65:7:65:8 | b3 | +| complex.cpp:68:7:68:8 | b4 | +| conflated.cpp:10:4:10:5 | ra | +| conflated.cpp:19:19:19:21 | raw | +| conflated.cpp:20:8:20:10 | raw | +| conflated.cpp:29:3:29:4 | pa | +| conflated.cpp:36:3:36:4 | pa | | conflated.cpp:53:3:53:4 | ll | +| conflated.cpp:54:3:54:4 | ll | +| conflated.cpp:54:7:54:10 | next | +| conflated.cpp:59:20:59:39 | new | +| conflated.cpp:59:35:59:38 | next | +| conflated.cpp:60:3:60:4 | ll | +| conflated.cpp:60:7:60:10 | next | | constructors.cpp:20:24:20:25 | this | | constructors.cpp:21:24:21:25 | this | +| constructors.cpp:28:10:28:10 | f | +| constructors.cpp:29:10:29:10 | f | +| constructors.cpp:40:9:40:9 | f | +| constructors.cpp:43:9:43:9 | g | +| constructors.cpp:46:9:46:9 | h | +| constructors.cpp:49:9:49:9 | i | | qualifiers.cpp:9:30:9:33 | this | | qualifiers.cpp:12:49:12:53 | inner | | qualifiers.cpp:13:51:13:55 | inner | +| qualifiers.cpp:22:5:22:9 | outer | +| qualifiers.cpp:22:11:22:18 | call to getInner | +| qualifiers.cpp:23:10:23:14 | outer | +| qualifiers.cpp:23:16:23:20 | inner | +| qualifiers.cpp:23:23:23:23 | a | +| qualifiers.cpp:27:5:27:9 | outer | +| qualifiers.cpp:27:11:27:18 | call to getInner | +| qualifiers.cpp:27:28:27:37 | call to user_input | +| qualifiers.cpp:28:10:28:14 | outer | +| qualifiers.cpp:28:16:28:20 | inner | +| qualifiers.cpp:28:23:28:23 | a | +| qualifiers.cpp:32:17:32:21 | outer | +| qualifiers.cpp:32:23:32:30 | call to getInner | +| qualifiers.cpp:32:35:32:44 | call to user_input | +| qualifiers.cpp:33:10:33:14 | outer | +| qualifiers.cpp:33:16:33:20 | inner | +| qualifiers.cpp:33:23:33:23 | a | +| qualifiers.cpp:37:19:37:35 | * ... | +| qualifiers.cpp:37:20:37:24 | outer | +| qualifiers.cpp:37:38:37:47 | call to user_input | +| qualifiers.cpp:38:10:38:14 | outer | +| qualifiers.cpp:38:16:38:20 | inner | +| qualifiers.cpp:38:23:38:23 | a | +| qualifiers.cpp:42:6:42:22 | * ... | +| qualifiers.cpp:42:7:42:11 | outer | +| qualifiers.cpp:43:10:43:14 | outer | +| qualifiers.cpp:43:16:43:20 | inner | +| qualifiers.cpp:43:23:43:23 | a | +| qualifiers.cpp:47:6:47:11 | & ... | +| qualifiers.cpp:47:15:47:22 | call to getInner | +| qualifiers.cpp:48:10:48:14 | outer | +| qualifiers.cpp:48:16:48:20 | inner | +| qualifiers.cpp:48:23:48:23 | a | +| realistic.cpp:42:20:42:20 | o | +| realistic.cpp:49:9:49:11 | foo | | realistic.cpp:49:9:49:18 | access to array | +| realistic.cpp:53:9:53:11 | foo | +| realistic.cpp:53:9:53:18 | access to array | +| realistic.cpp:53:20:53:22 | baz | +| realistic.cpp:53:25:53:33 | userInput | +| realistic.cpp:54:16:54:18 | foo | +| realistic.cpp:54:16:54:25 | access to array | +| realistic.cpp:54:27:54:29 | baz | +| realistic.cpp:54:32:54:40 | userInput | +| realistic.cpp:54:42:54:47 | buffer | +| realistic.cpp:60:16:60:18 | dst | +| realistic.cpp:61:21:61:23 | foo | +| realistic.cpp:61:21:61:30 | access to array | +| realistic.cpp:61:32:61:34 | baz | +| realistic.cpp:61:37:61:45 | userInput | +| realistic.cpp:61:47:61:55 | bufferLen | +| realistic.cpp:65:21:65:23 | foo | +| realistic.cpp:65:21:65:30 | access to array | +| realistic.cpp:65:32:65:34 | baz | +| realistic.cpp:65:37:65:45 | userInput | +| realistic.cpp:65:47:65:52 | buffer | +| realistic.cpp:66:21:66:23 | dst | | simple.cpp:20:24:20:25 | this | | simple.cpp:21:24:21:25 | this | +| simple.cpp:28:10:28:10 | f | +| simple.cpp:29:10:29:10 | f | +| simple.cpp:39:5:39:5 | f | +| simple.cpp:40:5:40:5 | g | +| simple.cpp:41:5:41:5 | h | +| simple.cpp:42:5:42:5 | h | +| simple.cpp:45:9:45:9 | f | +| simple.cpp:48:9:48:9 | g | +| simple.cpp:51:9:51:9 | h | +| simple.cpp:54:9:54:9 | i | | simple.cpp:65:5:65:5 | a | | simple.cpp:83:9:83:10 | f2 | +| simple.cpp:83:9:83:10 | this | +| simple.cpp:84:14:84:20 | this | | simple.cpp:92:5:92:5 | a | +| struct_init.c:15:8:15:9 | ab | +| struct_init.c:15:12:15:12 | a | +| struct_init.c:16:8:16:9 | ab | +| struct_init.c:16:12:16:12 | b | +| struct_init.c:22:8:22:9 | ab | +| struct_init.c:22:11:22:11 | a | +| struct_init.c:23:8:23:9 | ab | +| struct_init.c:23:11:23:11 | b | +| struct_init.c:24:10:24:12 | & ... | +| struct_init.c:31:8:31:12 | outer | +| struct_init.c:31:14:31:21 | nestedAB | +| struct_init.c:31:23:31:23 | a | +| struct_init.c:32:8:32:12 | outer | +| struct_init.c:32:14:32:21 | nestedAB | +| struct_init.c:32:23:32:23 | b | +| struct_init.c:33:8:33:12 | outer | +| struct_init.c:33:14:33:22 | pointerAB | +| struct_init.c:33:25:33:25 | a | +| struct_init.c:34:8:34:12 | outer | +| struct_init.c:34:14:34:22 | pointerAB | +| struct_init.c:34:25:34:25 | b | +| struct_init.c:36:10:36:24 | & ... | | struct_init.c:36:11:36:15 | outer | +| struct_init.c:46:10:46:14 | outer | +| struct_init.c:46:16:46:24 | pointerAB | diff --git a/cpp/ql/test/library-tests/dataflow/fields/partial-definition.expected b/cpp/ql/test/library-tests/dataflow/fields/partial-definition.expected index 0a3ea441f93..373e357142a 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/partial-definition.expected +++ b/cpp/ql/test/library-tests/dataflow/fields/partial-definition.expected @@ -107,6 +107,10 @@ | C.cpp:19:5:19:5 | c | | C.cpp:24:5:24:8 | this | | C.cpp:24:11:24:12 | s3 | +| C.cpp:29:10:29:11 | s1 | +| C.cpp:29:10:29:11 | this | +| C.cpp:31:10:31:11 | s3 | +| C.cpp:31:10:31:11 | this | | D.cpp:9:21:9:24 | elem | | D.cpp:9:21:9:24 | this | | D.cpp:11:29:11:32 | elem | From 8caff411387b3f64a57a8fbd55658827986e77a4 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 20 Oct 2021 15:22:51 +0100 Subject: [PATCH 07/70] C++: Throw away most of the usage of IR-computed def-use information. Instead, we rely on the shared SSA library's use-use edges. --- .../ir/dataflow/internal/DataFlowPrivate.qll | 6 +- .../cpp/ir/dataflow/internal/DataFlowUtil.qll | 130 ++++++++---------- 2 files changed, 62 insertions(+), 74 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index 9de1da31772..8852d54d7b8 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -106,11 +106,9 @@ class ReturnNode extends InstructionNode { Instruction primary; ReturnNode() { - exists(ReturnValueInstruction ret | instr = ret.getReturnValue() and primary = ret) + exists(ReturnValueInstruction ret | instr = ret and primary = ret) or - exists(ReturnIndirectionInstruction rii | - instr = rii.getSideEffectOperand().getAnyDef() and primary = rii - ) + exists(ReturnIndirectionInstruction rii | instr = rii and primary = rii) } /** Gets the kind of this returned value. */ diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index f8b4f3b8df0..a075831439e 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -613,6 +613,11 @@ class VariableNode extends Node, TVariableNode { */ InstructionNode instructionNode(Instruction instr) { result.getInstruction() = instr } +/** + * Gets the node corresponding to `operand`. + */ +OperandNode operandNode(Operand operand) { result.getOperand() = operand } + /** * DEPRECATED: use `definitionByReferenceNodeFromArgument` instead. * @@ -693,14 +698,32 @@ predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) { ReadNodeFlow::flowThrough(nodeFrom, nodeTo) or ReadNodeFlow::flowOutOf(nodeFrom, nodeTo) + or + // Adjacent-def-use and adjacent-use-use flow + adjacentDefUseFlow(nodeFrom, nodeTo) } -pragma[noinline] -private predicate getFieldSizeOfClass(Class c, Type type, int size) { - exists(Field f | - f.getDeclaringType() = c and - f.getUnderlyingType() = type and - type.getSize() = size +private predicate adjacentDefUseFlow(Node nodeFrom, Node nodeTo) { + // Flow that isn't already covered by field flow out of store/read nodes. + not nodeFrom.asInstruction() = any(StoreNode pun).getStoreInstruction() and + not nodeFrom.asInstruction() = any(ReadNode pun).getALoadInstruction() and + ( + //Def-use flow + Ssa::ssaFlow(nodeFrom, nodeTo) + or + exists(Instruction loadAddress | loadAddress = Ssa::getSourceAddressFromNode(nodeFrom) | + // Use-use flow through reads + exists(Node address | + Ssa::addressFlowTC(address.asInstruction(), loadAddress) and + Ssa::ssaFlow(address, nodeTo) + ) + or + // Use-use flow through stores. + exists(Node store | + Ssa::explicitWrite(_, store.asInstruction(), loadAddress) and + Ssa::ssaFlow(store, nodeTo) + ) + ) ) } @@ -789,40 +812,39 @@ private module StoreNodeFlow { private predicate simpleOperandLocalFlowStep(Instruction iFrom, Operand opTo) { // Propagate flow from an instruction to its exact uses. + // We do this for all instruction/operand pairs, except when the operand is the + // side effect operand of a ReturnIndirectionInstruction, or the load operand of a LoadInstruction. + // This is because we get these flows through the shared SSA library already, and including this + // flow here will create multiple dataflow paths which creates a blowup in stage 3 of dataflow. + ( + not any(ReturnIndirectionInstruction ret).getSideEffectOperand() = opTo and + not any(LoadInstruction load).getSourceValueOperand() = opTo and + not any(ReturnValueInstruction ret).getReturnValueOperand() = opTo + ) and opTo.getDef() = iFrom - or - opTo = any(ReadSideEffectInstruction read).getSideEffectOperand() and - not iFrom.isResultConflated() and - iFrom = opTo.getAnyDef() - or - // Loading a single `int` from an `int *` parameter is not an exact load since - // the parameter may point to an entire array rather than a single `int`. The - // following rule ensures that any flow going into the - // `InitializeIndirectionInstruction`, even if it's for a different array - // element, will propagate to a load of the first element. - // - // Since we're linking `InitializeIndirectionInstruction` and - // `LoadInstruction` together directly, this rule will break if there's any - // reassignment of the parameter indirection, including a conditional one that - // leads to a phi node. - exists(InitializeIndirectionInstruction init | - iFrom = init and - opTo.(LoadOperand).getAnyDef() = init and - // Check that the types match. Otherwise we can get flow from an object to - // its fields, which leads to field conflation when there's flow from other - // fields to the object elsewhere. - init.getParameter().getType().getUnspecifiedType().(DerivedType).getBaseType() = - opTo.getType().getUnspecifiedType() - ) - or - // Flow from stores to structs with a single field to a load of that field. - exists(LoadInstruction load | - load.getSourceValueOperand() = opTo and - opTo.getAnyDef() = iFrom and - isSingleFieldClass(pragma[only_bind_out](pragma[only_bind_out](iFrom).getResultType()), opTo) +} + +pragma[noinline] +private predicate getAddressType(LoadInstruction load, Type t) { + exists(Instruction address | + address = load.getSourceAddress() and + t = address.getResultType() ) } +/** + * Like the AST dataflow library, we want to conflate the address and value of a reference. This class + * represents the `LoadInstruction` that is generated from a reference dereference. + */ +private class ReferenceDereferenceInstruction extends LoadInstruction { + ReferenceDereferenceInstruction() { + exists(ReferenceType ref | + getAddressType(this, ref) and + this.getResultType() = ref.getBaseType() + ) + } +} + private predicate simpleInstructionLocalFlowStep(Operand opFrom, Instruction iTo) { iTo.(CopyInstruction).getSourceValueOperand() = opFrom or @@ -835,40 +857,8 @@ private predicate simpleInstructionLocalFlowStep(Operand opFrom, Instruction iTo or iTo.(InheritanceConversionInstruction).getUnaryOperand() = opFrom or - // A chi instruction represents a point where a new value (the _partial_ - // operand) may overwrite an old value (the _total_ operand), but the alias - // analysis couldn't determine that it surely will overwrite every bit of it or - // that it surely will overwrite no bit of it. - // - // By allowing flow through the total operand, we ensure that flow is not lost - // due to shortcomings of the alias analysis. We may get false flow in cases - // where the data is indeed overwritten. - // - // Flow through the partial operand belongs in the taint-tracking libraries - // for now. - iTo.getAnOperand().(ChiTotalOperand) = opFrom - or - // Add flow from write side-effects to non-conflated chi instructions through their - // partial operands. From there, a `readStep` will find subsequent reads of that field. - // Consider the following example: - // ``` - // void setX(Point* p, int new_x) { - // p->x = new_x; - // } - // ... - // setX(&p, taint()); - // ``` - // Here, a `WriteSideEffectInstruction` will provide a new definition for `p->x` after the call to - // `setX`, which will be melded into `p` through a chi instruction. - exists(ChiInstruction chi | chi = iTo | - opFrom.getAnyDef() instanceof WriteSideEffectInstruction and - chi.getPartialOperand() = opFrom and - not chi.isResultConflated() and - // In a call such as `set_value(&x->val);` we don't want the memory representing `x` to receive - // dataflow by a simple step. Instead, this is handled by field flow. If we add a simple step here - // we can get field-to-object flow. - not chi.isPartialUpdate() - ) + // Conflate references and values like in AST dataflow. + iTo.(ReferenceDereferenceInstruction).getSourceAddressOperand() = opFrom or // Flow through modeled functions modelFlow(opFrom, iTo) From 710d0cfc3df64bb9a4dfc9f6d59e67dd00eab83d Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 20 Oct 2021 15:29:47 +0100 Subject: [PATCH 08/70] C++: Since we now no longer have flow from exact memory operands to LoadInstructions, we no longer have flow from PhiInstructions to LoadInstructions. We could allow flow in this particular case, but we might as well use the shared SSA library's phi edges. --- .../cpp/ir/dataflow/internal/DataFlowUtil.qll | 41 ++++++++++++++++++- .../code/cpp/ir/dataflow/internal/Ssa.qll | 32 +++++++++++++++ 2 files changed, 72 insertions(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index a075831439e..076ee494bc5 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -22,7 +22,8 @@ private module Cached { TVariableNode(Variable var) or TStoreNodeInstr(Instruction i) { Ssa::explicitWrite(_, _, i) } or TStoreNodeOperand(ArgumentOperand op) { Ssa::explicitWrite(_, _, op.getDef()) } or - TReadNode(Instruction i) { needsPostReadNode(i) } + TReadNode(Instruction i) { needsPostReadNode(i) } or + TSsaPhiNode(Ssa::PhiNode phi) cached predicate localFlowStepCached(Node nodeFrom, Node nodeTo) { @@ -347,6 +348,44 @@ class ReadNode extends Node, TReadNode { } } +/** + * INTERNAL: do not use. + * + * A phi node produced by the shared SSA library, viewed as a node in a data flow graph. + */ +class SsaPhiNode extends Node, TSsaPhiNode { + Ssa::PhiNode phi; + + SsaPhiNode() { this = TSsaPhiNode(phi) } + + /* Get the phi node associated with this node. */ + Ssa::PhiNode getPhiNode() { result = phi } + + override Declaration getEnclosingCallable() { result = this.getFunction() } + + override Function getFunction() { result = phi.getBasicBlock().getEnclosingFunction() } + + override IRType getType() { result instanceof IRVoidType } + + override Location getLocation() { result = phi.getBasicBlock().getLocation() } + + /** Holds if this phi node has input from the `rnk`'th write operation in block `block`. */ + final predicate hasInputAtRankInBlock(IRBlock block, int rnk) { + hasInputAtRankInBlock(block, rnk, _) + } + + /** + * Holds if this phi node has input from the definition `input` (which is the `rnk`'th write + * operation in block `block`). + */ + cached + final predicate hasInputAtRankInBlock(IRBlock block, int rnk, Ssa::Definition input) { + Ssa::phiHasInputFromBlock(phi, input, _) and input.definesAt(_, block, rnk) + } + + override string toString() { result = "Phi" } +} + /** * An expression, viewed as a node in a data flow graph. */ diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll index bb6e3addf81..04ae62dbc35 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll @@ -336,6 +336,34 @@ private module Cached { ) } + private predicate fromPhiNode(SsaPhiNode nodeFrom, Node nodeTo) { + exists(PhiNode phi, Use use, IRBlock block, int rnk | + phi = nodeFrom.getPhiNode() and + adjacentDefRead(phi, _, _, block, rnk) and + use.hasRankInBlock(block, rnk) and + flowOutOfAddressStep(use.getOperand(), nodeTo) + ) + } + + private predicate toPhiNode(Node nodeFrom, SsaPhiNode nodeTo) { + // Flow to phi nodes + exists(Def def, IRBlock block, int rnk | + def.hasRankInBlock(block, rnk) and + nodeTo.hasInputAtRankInBlock(block, rnk) + | + exists(StoreNode store | + store = nodeFrom and + store.isTerminal() and + def.getInstruction() = store.getStoreInstruction() + ) + or + def.getInstruction() = nodeFrom.asInstruction() + ) + or + // Phi -> phi flow + nodeTo.hasInputAtRankInBlock(_, _, nodeFrom.(SsaPhiNode).getPhiNode()) + } + /** * Holds if `nodeFrom` is a read or write, and `nTo` is the next subsequent read of the variable * written (or read) by `storeOrRead`. @@ -350,6 +378,10 @@ private module Cached { or // Use-use flow from a `ReadNode` to an `OperandNode` fromReadNode(nodeFrom, nodeTo) + or + fromPhiNode(nodeFrom, nodeTo) + or + toPhiNode(nodeFrom, nodeTo) } private predicate flowOutOfAddressStep(Operand operand, Node nTo) { From b1ea00fa85633f7c891b97a674002d91d27b8d0d Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 20 Oct 2021 15:34:26 +0100 Subject: [PATCH 09/70] C++: Remove the taintflow edges that gives performance problems. --- .../code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll | 4 ---- 1 file changed, 4 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll index f563e47db9f..287958ebea4 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll @@ -44,8 +44,6 @@ private predicate instructionToOperandTaintStep(Instruction fromInstr, Operand t fromInstr = readInstr.getArgumentDef() and toOperand = readInstr.getSideEffectOperand() ) - or - toOperand.(LoadOperand).getAnyDef() = fromInstr } /** @@ -84,8 +82,6 @@ private predicate operandToInstructionTaintStep(Operand opFrom, Instruction inst instrTo.(FieldAddressInstruction).getField().getDeclaringType() instanceof Union ) or - instrTo.(LoadInstruction).getSourceAddressOperand() = opFrom - or // Flow from an element to an array or union that contains it. instrTo.(ChiInstruction).getPartialOperand() = opFrom and not instrTo.isResultConflated() and From 5dbaea8b52b2eaca2acd71ea4fcee125447538c6 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 20 Oct 2021 15:35:34 +0100 Subject: [PATCH 10/70] C++: Add a special dataflow step from InitializeIndirection instructions. --- .../code/cpp/ir/dataflow/internal/Ssa.qll | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll index 04ae62dbc35..aba581452ea 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll @@ -382,6 +382,24 @@ private module Cached { fromPhiNode(nodeFrom, nodeTo) or toPhiNode(nodeFrom, nodeTo) + or + // When we want to transfer flow out of a `StoreNode` we perform two steps: + // 1. Find the next use of the address being stored to + // 2. Find the `LoadInstruction` that loads the address + // When the address being stored into doesn't have a `LoadInstruction` associated with it because it's + // passed into a `CallInstruction` we transfer flow to the `ReadSideEffect`, which will then flow into + // the callee. We then pickup the flow from the `InitializeIndirectionInstruction` and use the shared + // SSA library to determine where the next use of the address that received the flow is. + exists(Node init, Node mid | + nodeFrom.asInstruction().(InitializeIndirectionInstruction).getIRVariable() = + init.asInstruction().(InitializeParameterInstruction).getIRVariable() and + // No need for the flow if the next use is the instruction that returns the flow out of the callee. + not mid.asInstruction() instanceof ReturnIndirectionInstruction and + // Find the next use of the address + ssaFlow(init, mid) and + // And flow to the next load of that address + flowOutOfAddressStep([mid.asInstruction().getAUse(), mid.asOperand()], nodeTo) + ) } private predicate flowOutOfAddressStep(Operand operand, Node nTo) { From 3efe60fdd2010255fac324ec467074d6f04b1457 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 20 Oct 2021 15:46:16 +0100 Subject: [PATCH 11/70] C++: Accept test changes. --- .../defaulttainttracking.cpp | 8 +- .../annotate_sinks_only/stl.cpp | 4 +- .../dataflow-ir-consistency.expected | 635 ++++- .../dataflow/dataflow-tests/lambdas.cpp | 2 +- .../dataflow/dataflow-tests/test.cpp | 20 +- .../test/library-tests/dataflow/fields/A.cpp | 10 +- .../test/library-tests/dataflow/fields/C.cpp | 8 +- .../test/library-tests/dataflow/fields/D.cpp | 4 +- .../test/library-tests/dataflow/fields/E.cpp | 6 +- .../dataflow/fields/IRConfiguration.qll | 2 +- .../dataflow/fields/aliasing.cpp | 22 +- .../library-tests/dataflow/fields/arrays.cpp | 14 +- .../dataflow/fields/by_reference.cpp | 8 +- .../dataflow/fields/conflated.cpp | 12 +- .../fields/dataflow-consistency.expected | 4 +- .../fields/dataflow-ir-consistency.expected | 1439 +++++++++-- .../dataflow/fields/ir-path-flow.expected | 2097 +++++++++++++---- .../dataflow/fields/qualifiers.cpp | 12 +- .../dataflow/fields/realistic.cpp | 2 +- .../security-taint/tainted_diff.expected | 4 + .../security-taint/tainted_ir.expected | 4 - .../dataflow/smart-pointers-taint/test.cpp | 8 +- .../dataflow/taint-tests/arrayassignment.cpp | 22 +- .../dataflow/taint-tests/map.cpp | 72 +- .../dataflow/taint-tests/set.cpp | 16 +- .../dataflow/taint-tests/smart_pointer.cpp | 2 +- .../dataflow/taint-tests/string.cpp | 16 +- .../dataflow/taint-tests/stringstream.cpp | 10 +- .../dataflow/taint-tests/taint.cpp | 26 +- .../dataflow/taint-tests/taint.ql | 6 +- .../dataflow/taint-tests/vector.cpp | 58 +- 31 files changed, 3667 insertions(+), 886 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/defaulttainttracking.cpp b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/defaulttainttracking.cpp index 843587b576a..834ef057b2b 100644 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/defaulttainttracking.cpp +++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/defaulttainttracking.cpp @@ -210,8 +210,8 @@ void test_pointers2() sink(buffer); // $ MISSING: ast,ir sink(ptr1); // $ ast MISSING: ir - sink(ptr2); // $ SPURIOUS: ast - sink(*ptr2); // $ ast MISSING: ir + sink(ptr2); // $ SPURIOUS: ast,ir + sink(*ptr2); // $ ast,ir sink(ptr3); // $ MISSING: ast,ir sink(ptr4); // clean sink(*ptr4); // $ MISSING: ast,ir @@ -254,8 +254,8 @@ int test_readv_and_writev(iovec* iovs) { sink(*iovs); // $ast,ir char* p = (char*)iovs[1].iov_base; - sink(p); // $ ir MISSING: ast - sink(*p); // $ ir MISSING: ast + sink(p); // $ MISSING: ast,ir + sink(*p); // $ MISSING: ast,ir writev(0, iovs, 16); // $ remote } diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/stl.cpp b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/stl.cpp index 8a15071ef3c..f22347ba744 100644 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/stl.cpp +++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/stl.cpp @@ -89,12 +89,12 @@ void test_stringstream() sink(ss1); sink(ss2); // $ ir MISSING: ast - sink(ss3); // $ MISSING: ast,ir + sink(ss3); // $ ir MISSING: ast sink(ss4); // $ ir MISSING: ast sink(ss5); // $ ir MISSING: ast sink(ss1.str()); sink(ss2.str()); // $ ir MISSING: ast - sink(ss3.str()); // $ MISSING: ast,ir + sink(ss3.str()); // $ ir MISSING: ast sink(ss4.str()); // $ ir MISSING: ast sink(ss5.str()); // $ ir MISSING: ast } diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected index db9a86fbb57..a441de0d72a 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected @@ -26,62 +26,589 @@ unreachableNodeCCtx localCallNodes postIsNotPre postHasUniquePre -| test.cpp:373:5:373:20 | Store | PostUpdateNode should have one pre-update node but has 0. | uniquePostUpdate postIsInSameCallable reverseRead argHasPostUpdate postWithInFlow -| BarrierGuard.cpp:49:3:49:17 | Chi | PostUpdateNode should not be the target of local flow. | -| BarrierGuard.cpp:60:3:60:18 | Chi | PostUpdateNode should not be the target of local flow. | -| clang.cpp:28:3:28:34 | Chi | PostUpdateNode should not be the target of local flow. | -| clang.cpp:34:22:34:27 | Chi | PostUpdateNode should not be the target of local flow. | -| clang.cpp:34:32:34:37 | Chi | PostUpdateNode should not be the target of local flow. | -| clang.cpp:39:32:39:37 | Chi | PostUpdateNode should not be the target of local flow. | -| clang.cpp:39:42:39:47 | Chi | PostUpdateNode should not be the target of local flow. | -| clang.cpp:43:35:43:40 | Chi | PostUpdateNode should not be the target of local flow. | -| clang.cpp:43:51:43:51 | Chi | PostUpdateNode should not be the target of local flow. | -| clang.cpp:49:25:49:30 | Chi | PostUpdateNode should not be the target of local flow. | -| clang.cpp:49:35:49:40 | Chi | PostUpdateNode should not be the target of local flow. | -| clang.cpp:50:3:50:26 | Chi | PostUpdateNode should not be the target of local flow. | -| example.c:17:19:17:22 | Chi | PostUpdateNode should not be the target of local flow. | -| example.c:17:21:17:21 | Chi | PostUpdateNode should not be the target of local flow. | -| example.c:24:2:24:30 | Chi | PostUpdateNode should not be the target of local flow. | -| example.c:24:13:24:30 | Chi | PostUpdateNode should not be the target of local flow. | -| example.c:26:2:26:25 | Chi | PostUpdateNode should not be the target of local flow. | -| file://:0:0:0:0 | Chi | PostUpdateNode should not be the target of local flow. | -| file://:0:0:0:0 | Chi | PostUpdateNode should not be the target of local flow. | -| file://:0:0:0:0 | Chi | PostUpdateNode should not be the target of local flow. | -| lambdas.cpp:13:12:13:12 | Chi | PostUpdateNode should not be the target of local flow. | -| lambdas.cpp:13:15:13:15 | Chi | PostUpdateNode should not be the target of local flow. | -| lambdas.cpp:28:10:31:2 | Chi | PostUpdateNode should not be the target of local flow. | -| lambdas.cpp:28:10:31:2 | Chi | PostUpdateNode should not be the target of local flow. | -| lambdas.cpp:43:3:43:14 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:11:5:11:13 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:20:5:20:13 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:22:7:22:13 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:24:7:24:13 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:29:5:29:18 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:31:7:31:13 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:39:7:39:13 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:44:5:44:18 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:46:7:46:13 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:48:7:48:13 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:75:5:75:17 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:83:5:83:17 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:87:7:87:17 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:89:7:89:17 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:94:5:94:22 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:96:7:96:17 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:104:7:104:17 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:109:5:109:22 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:113:7:113:17 | Chi | PostUpdateNode should not be the target of local flow. | -| ref.cpp:115:7:115:17 | Chi | PostUpdateNode should not be the target of local flow. | -| test.cpp:91:3:91:18 | Chi | PostUpdateNode should not be the target of local flow. | -| test.cpp:115:3:115:17 | Chi | PostUpdateNode should not be the target of local flow. | -| test.cpp:120:3:120:10 | Chi | PostUpdateNode should not be the target of local flow. | -| test.cpp:125:3:125:11 | Chi | PostUpdateNode should not be the target of local flow. | -| test.cpp:359:5:359:20 | Chi | PostUpdateNode should not be the target of local flow. | -| test.cpp:373:5:373:20 | Chi | PostUpdateNode should not be the target of local flow. | -| test.cpp:373:5:373:20 | Store | PostUpdateNode should not be the target of local flow. | -| test.cpp:465:3:465:15 | Chi | PostUpdateNode should not be the target of local flow. | +| BarrierGuard.cpp:49:6:49:6 | x [post update] | PostUpdateNode should not be the target of local flow. | +| BarrierGuard.cpp:60:3:60:4 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| BarrierGuard.cpp:60:7:60:7 | x [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:8:20:8:29 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:22:3:22:6 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:22:8:22:20 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:22:9:22:20 | sourceArray1 [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:26:8:26:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:26:8:26:24 | sourceStruct1_ptr [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:26:27:26:34 | sourceStruct1_ptr [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:28:3:28:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:28:22:28:23 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:30:8:30:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:30:8:30:24 | sourceStruct1_ptr [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:30:27:30:34 | sourceStruct1_ptr [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:34:19:34:41 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:34:19:34:41 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:39:16:39:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:39:30:39:51 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:39:30:39:51 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:43:26:43:53 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:43:26:43:53 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:49:7:49:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:49:22:49:44 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:49:22:49:44 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:50:3:50:12 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:50:3:50:12 | stackArray [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:50:3:50:15 | access to array [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:6:29:6:37 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:7:29:7:37 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:9:30:9:45 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:10:30:10:45 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:15:8:15:8 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:15:8:15:8 | ConvertToNonVirtualBase [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:15:8:15:8 | this [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:16:30:16:45 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:17:31:17:39 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:21:8:21:8 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:21:8:21:8 | ConvertToNonVirtualBase [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:21:8:21:8 | this [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:22:30:22:45 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:24:31:24:39 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:29:8:29:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:29:29:29:34 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:31:8:31:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:31:8:31:13 | topPtr [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:31:16:31:24 | topPtr [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:32:8:32:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:32:8:32:13 | topPtr [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:32:16:32:24 | topPtr [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:33:3:33:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:33:3:33:8 | topPtr [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:33:11:33:16 | topPtr [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:35:8:35:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:35:8:35:13 | topPtr [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:35:16:35:25 | topPtr [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:36:8:36:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:36:8:36:13 | topPtr [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:36:16:36:25 | topPtr [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:37:3:37:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:37:3:37:8 | topPtr [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:37:11:37:17 | topPtr [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:39:8:39:13 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:39:8:39:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:39:8:39:13 | topRef [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:39:15:39:23 | topRef [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:40:8:40:13 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:40:8:40:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:40:8:40:13 | topRef [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:40:15:40:23 | topRef [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:41:3:41:8 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:41:3:41:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:41:3:41:8 | topRef [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:41:10:41:15 | topRef [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:43:8:43:13 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:43:8:43:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:43:8:43:13 | topRef [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:43:15:43:24 | topRef [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:44:8:44:13 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:44:8:44:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:44:8:44:13 | topRef [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:44:15:44:24 | topRef [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:45:3:45:8 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:45:3:45:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:45:3:45:8 | topRef [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:45:10:45:16 | topRef [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:51:3:51:22 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:55:8:55:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:55:8:55:19 | globalBottom [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:55:22:55:30 | globalBottom [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:56:8:56:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:56:8:56:19 | globalMiddle [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:56:22:56:30 | globalMiddle [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:58:8:58:23 | call to readGlobalBottom [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:58:28:58:36 | call to readGlobalBottom [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:60:3:60:14 | globalBottom [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:60:18:60:29 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:60:18:60:29 | new [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:60:18:60:29 | new [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:61:3:61:14 | globalMiddle [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:61:18:61:29 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:61:18:61:29 | new [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:61:18:61:29 | new [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:65:3:65:22 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:65:10:65:21 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:65:10:65:21 | new [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:65:10:65:21 | new [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:69:3:69:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:69:3:69:5 | top [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:69:8:69:13 | top [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:73:3:73:5 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:73:3:73:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:73:3:73:5 | top [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:73:7:73:12 | top [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:77:3:77:19 | call to allocateBottom [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:77:21:77:34 | call to allocateBottom [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:78:3:78:21 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:78:23:78:39 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:78:23:78:39 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:78:24:78:37 | call to allocateBottom [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:80:8:80:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:81:3:81:3 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:81:3:81:3 | x [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:81:6:81:11 | x [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:85:3:85:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:89:3:89:10 | bottom [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:89:3:89:10 | call to identity [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:89:12:89:17 | (Middle *)... [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:89:12:89:17 | (Top *)... [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:89:12:89:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:89:12:89:17 | bottom [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:89:21:89:26 | call to identity [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:90:3:90:10 | call to identity [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:90:3:90:10 | top [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:90:12:90:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:90:12:90:14 | top [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:90:18:90:23 | call to identity [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:100:3:100:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:105:5:105:17 | maybeCallSink [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:113:30:113:38 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:117:31:117:46 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:127:10:127:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:127:31:127:36 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:129:10:129:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:129:10:129:15 | topPtr [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:129:18:129:25 | topPtr [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:130:10:130:15 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:130:10:130:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:130:10:130:15 | topRef [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:130:17:130:24 | topRef [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:148:5:148:5 | f [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:168:8:168:8 | f [post update] | PostUpdateNode should not be the target of local flow. | +| example.c:17:19:17:22 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| example.c:17:19:17:22 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| example.c:24:9:24:9 | x [post update] | PostUpdateNode should not be the target of local flow. | +| example.c:24:20:24:20 | y [post update] | PostUpdateNode should not be the target of local flow. | +| example.c:26:9:26:9 | x [post update] | PostUpdateNode should not be the target of local flow. | +| example.c:26:13:26:16 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| example.c:26:18:26:24 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| example.c:26:19:26:24 | coords [post update] | PostUpdateNode should not be the target of local flow. | +| example.c:28:2:28:12 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| example.c:28:14:28:25 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| example.c:28:22:28:25 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| example.c:28:23:28:25 | pos [post update] | PostUpdateNode should not be the target of local flow. | +| globals.cpp:5:9:5:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| globals.cpp:13:5:13:19 | flowTestGlobal1 [post update] | PostUpdateNode should not be the target of local flow. | +| globals.cpp:23:5:23:19 | flowTestGlobal2 [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:8:6:8:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:9:6:9:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:10:6:10:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:11:6:11:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:13:7:13:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:13:10:17:2 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:13:10:17:2 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:16:3:16:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:20:7:20:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:20:10:24:2 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:20:10:24:2 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:20:10:24:2 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:23:3:23:3 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:23:3:23:14 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:23:3:23:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:23:3:23:14 | v [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:28:7:28:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:28:10:31:2 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:28:10:31:2 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:34:7:34:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:34:13:34:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:40:7:40:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:40:13:40:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:43:3:43:3 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:43:3:43:3 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:43:3:43:3 | c [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:45:3:45:3 | t [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:45:3:45:3 | u [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:45:3:45:3 | w [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:45:4:45:4 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:45:4:45:4 | t [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:45:7:45:7 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:45:7:45:7 | u [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:45:10:45:10 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| lambdas.cpp:45:10:45:10 | w [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:11:5:11:7 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:11:5:11:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:11:5:11:7 | lhs [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:16:5:16:10 | lhs [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:16:12:16:14 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:16:12:16:14 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:16:12:16:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:16:12:16:14 | lhs [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:20:5:20:7 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:20:5:20:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:20:5:20:7 | lhs [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:22:7:22:9 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:22:7:22:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:22:7:22:9 | lhs [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:24:7:24:9 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:24:7:24:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:24:7:24:9 | lhs [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:29:5:29:7 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:29:5:29:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:29:5:29:7 | out [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:31:7:31:9 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:31:7:31:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:31:7:31:9 | out [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:37:7:37:19 | out [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:37:21:37:23 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:37:21:37:23 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:37:21:37:23 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:37:21:37:23 | out [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:39:7:39:9 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:39:7:39:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:39:7:39:9 | out [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:44:5:44:7 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:44:5:44:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:44:5:44:7 | out [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:46:7:46:9 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:46:7:46:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:46:7:46:9 | out [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:48:7:48:9 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:48:7:48:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:48:7:48:9 | out [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:55:5:55:17 | x1 [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:55:19:55:20 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:55:19:55:20 | x1 [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:58:5:58:13 | x2 [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:58:15:58:16 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:58:15:58:16 | x2 [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:61:5:61:24 | x3 [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:61:26:61:27 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:61:26:61:27 | x3 [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:64:5:64:13 | x4 [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:64:15:64:16 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:64:15:64:16 | x4 [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:75:5:75:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:75:5:75:7 | lhs [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:75:9:75:11 | val [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:79:5:79:10 | lhs [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:79:12:79:14 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:79:12:79:14 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:79:12:79:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:79:12:79:14 | lhs [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:83:5:83:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:83:5:83:7 | lhs [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:83:9:83:11 | val [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:87:7:87:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:87:7:87:9 | lhs [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:87:11:87:13 | val [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:89:7:89:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:89:7:89:9 | lhs [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:89:11:89:13 | val [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:94:5:94:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:94:5:94:7 | out [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:94:9:94:11 | val [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:96:7:96:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:96:7:96:9 | out [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:96:11:96:13 | val [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:102:7:102:19 | out [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:102:21:102:23 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:102:21:102:23 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:102:21:102:23 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:102:21:102:23 | out [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:104:7:104:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:104:7:104:9 | out [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:104:11:104:13 | val [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:109:5:109:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:109:5:109:7 | out [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:109:9:109:11 | val [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:113:7:113:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:113:7:113:9 | out [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:113:11:113:13 | val [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:115:7:115:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:115:7:115:9 | out [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:115:11:115:13 | val [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:122:5:122:17 | x1 [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:122:19:122:20 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:122:19:122:20 | x1 [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:125:5:125:13 | x2 [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:125:15:125:16 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:125:15:125:16 | x2 [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:128:5:128:24 | x3 [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:128:26:128:27 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:128:26:128:27 | x3 [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:131:5:131:13 | x4 [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:131:15:131:16 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| ref.cpp:131:15:131:16 | x4 [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:6:7:6:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:8:3:8:4 | t2 [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:12:5:12:6 | t2 [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:17:3:17:4 | t1 [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:23:12:23:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:23:27:23:27 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:24:5:24:6 | t1 [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:41:9:41:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:41:17:41:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:42:9:42:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:43:10:43:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:43:10:43:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:45:5:45:5 | t [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:45:9:45:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:45:9:45:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:50:9:50:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:50:24:50:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:52:7:52:7 | t [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:54:7:54:7 | t [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:67:14:67:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:68:8:68:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:69:8:69:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:70:14:70:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:77:3:77:4 | u1 [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:80:7:80:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:84:8:84:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:85:3:85:4 | i1 [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:91:3:91:9 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:91:3:91:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:91:3:91:9 | source1 [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:100:9:100:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:101:10:101:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:102:5:102:5 | t [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:107:9:107:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:108:10:108:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:109:5:109:5 | t [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:115:3:115:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:115:4:115:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:115:4:115:6 | out [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:116:3:116:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:120:3:120:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:120:4:120:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:120:4:120:6 | out [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:121:3:121:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:125:3:125:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:125:4:125:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:125:4:125:6 | out [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:126:3:126:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:134:3:134:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:138:7:138:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:139:7:139:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:145:3:145:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:149:7:149:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:151:7:151:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:156:7:156:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:158:3:158:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:162:7:162:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:164:7:164:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:171:7:171:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:172:3:172:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:176:7:176:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:177:7:177:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:190:5:190:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:194:9:194:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:194:13:194:27 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:194:13:194:27 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:194:13:194:27 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:195:9:195:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:196:9:196:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:201:9:201:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:203:5:203:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:207:9:207:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:207:13:207:33 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:207:13:207:33 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:207:13:207:33 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:209:9:209:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:209:13:209:33 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:209:13:209:33 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:209:13:209:33 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:214:9:214:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:215:9:215:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:217:5:217:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:221:9:221:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:221:13:221:34 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:221:13:221:34 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:221:13:221:34 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:223:9:223:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:223:13:223:34 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:223:13:223:34 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:223:13:223:34 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:230:9:230:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:231:9:231:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:232:5:232:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:236:9:236:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:236:13:236:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:236:13:236:24 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:236:13:236:24 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:237:9:237:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:245:7:245:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:245:7:245:12 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:245:7:245:12 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:246:7:246:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:246:7:246:16 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:246:7:246:16 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:250:11:250:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:251:7:251:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:251:7:251:12 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:251:7:251:12 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:255:11:255:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:256:7:256:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:256:7:256:12 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:256:7:256:12 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:265:11:265:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:265:15:265:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:265:15:265:20 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:265:15:265:20 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:267:7:267:7 | x [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:267:11:267:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:267:11:267:20 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:267:11:267:20 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:272:11:272:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:273:7:273:23 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:273:14:273:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:273:14:273:19 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:273:14:273:19 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:277:11:277:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:278:7:278:29 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:278:14:278:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:278:14:278:19 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:278:14:278:19 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:282:11:282:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:283:7:283:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:288:13:288:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:288:17:288:22 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:288:17:288:22 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:288:17:288:22 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:290:9:290:9 | x [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:290:13:290:22 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:290:13:290:22 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:290:13:290:22 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:295:13:295:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:295:17:295:22 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:295:17:295:22 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:295:17:295:22 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:296:9:296:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:300:13:300:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:300:23:300:28 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:300:23:300:28 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:300:23:300:28 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:301:9:301:23 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:305:13:305:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:306:9:306:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:314:2:314:2 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:314:2:314:2 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:314:2:314:2 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:317:6:317:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:317:10:317:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:317:10:317:10 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:317:10:317:10 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:319:6:319:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:319:10:319:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:319:10:319:10 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:319:10:319:10 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:321:2:321:2 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:321:2:321:2 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:321:2:321:2 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:324:2:324:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:333:5:333:13 | globalVar [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:347:5:347:13 | globalVar [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:359:5:359:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:359:5:359:9 | field [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:364:5:364:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:364:5:364:14 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:364:5:364:14 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:373:5:373:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:373:5:373:9 | field [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:374:5:374:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:374:5:374:20 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:374:5:374:20 | this [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:383:7:383:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:384:3:384:8 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:384:10:384:13 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:384:10:384:13 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:384:11:384:13 | tmp [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:389:7:389:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:390:8:390:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:391:3:391:8 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:391:10:391:13 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:391:10:391:13 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:391:11:391:13 | tmp [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:400:3:400:8 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:400:10:400:13 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:400:10:400:13 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:400:11:400:13 | tmp [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:406:8:406:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:407:3:407:8 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:407:10:407:13 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:407:10:407:13 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:407:11:407:13 | tmp [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:417:3:417:14 | local [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:417:16:417:20 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:417:16:417:20 | local [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:423:3:423:18 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:423:20:423:25 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:423:21:423:25 | local [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:429:3:429:18 | local [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:429:20:429:24 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:429:20:429:24 | local [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:436:3:436:16 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:436:18:436:23 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:436:19:436:23 | local [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:442:3:442:16 | local [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:442:18:442:22 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:442:18:442:22 | local [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:453:7:453:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:456:7:456:9 | tmp [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:458:7:458:9 | tmp [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:465:3:465:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:465:4:465:4 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:465:4:465:4 | p [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:469:7:469:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:470:3:470:19 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:470:21:470:22 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:470:22:470:22 | x [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:481:3:481:19 | content [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:481:21:481:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:481:21:481:30 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:481:24:481:30 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:481:24:481:30 | content [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:482:8:482:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:9:7:9:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:10:12:10:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:10:27:10:27 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:11:5:11:5 | x [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:17:7:17:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:18:12:18:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:18:35:18:35 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:19:5:19:5 | x [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:25:7:25:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:26:12:26:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:26:27:26:27 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:27:5:27:5 | x [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:33:7:33:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:34:12:34:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:34:27:34:27 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:37:5:37:5 | x [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:43:7:43:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:44:12:44:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:44:27:44:27 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:47:5:47:5 | x [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:54:7:54:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:55:12:55:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:55:30:55:30 | y [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:55:38:55:38 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:62:7:62:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:63:12:63:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:63:30:63:30 | y [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:63:38:63:38 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:64:5:64:5 | x [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:70:7:70:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:76:12:76:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:76:30:76:30 | x [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:76:38:76:38 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:83:7:83:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:84:12:84:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:84:20:84:20 | y [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:84:38:84:38 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:90:7:90:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:91:12:91:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:91:20:91:20 | x [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:91:38:91:38 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:97:7:97:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:98:7:98:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:101:18:101:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| true_upon_entry.cpp:102:5:102:5 | x [post update] | PostUpdateNode should not be the target of local flow. | diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/lambdas.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/lambdas.cpp index 7bf140918ab..f48b50d705b 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/lambdas.cpp +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/lambdas.cpp @@ -18,7 +18,7 @@ void test_lambdas() sink(a()); // $ ast,ir auto b = [&] { - sink(t); // $ ast MISSING: ir + sink(t); // $ ast,ir sink(u); v = source(); // (v is reference captured) }; diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp index afceddfabd0..e4a2eb4a0b8 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp @@ -100,14 +100,14 @@ void local_references(int &source1, int clean1) { int t = source(); int &ref = t; t = clean1; - sink(ref); // $ SPURIOUS: ast + sink(ref); // $ SPURIOUS: ast,ir } { int t = clean1; int &ref = t; t = source(); - sink(ref); // $ ir MISSING: ast + sink(ref); // $ MISSING: ast,ir } } @@ -346,7 +346,7 @@ namespace FlowThroughGlobals { int taintAndCall() { globalVar = source(); calledAfterTaint(); - sink(globalVar); // $ ast MISSING: ir + sink(globalVar); // $ ast,ir } } @@ -355,21 +355,21 @@ namespace FlowThroughGlobals { class FlowThroughFields { int field = 0; - int taintField() { + void taintField() { field = source(); } - int f() { + void f() { sink(field); // tainted or clean? Not sure. taintField(); - sink(field); // $ ast MISSING: ir - } - - int calledAfterTaint() { sink(field); // $ ast,ir } - int taintAndCall() { + void calledAfterTaint() { + sink(field); // $ ast,ir + } + + void taintAndCall() { field = source(); calledAfterTaint(); sink(field); // $ ast,ir diff --git a/cpp/ql/test/library-tests/dataflow/fields/A.cpp b/cpp/ql/test/library-tests/dataflow/fields/A.cpp index d52ca067c6f..395d32f1cd0 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/A.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/A.cpp @@ -54,7 +54,7 @@ public: B *b = new B(); b->set(new C1()); sink(b->get()); // $ ast ir=55:12 - sink((new B(new C()))->get()); // $ ast ir + sink((new B(new C()))->get()); // $ ast MISSING: ir } void f3() @@ -63,7 +63,7 @@ public: B *b2; b2 = setOnB(b1, new C2()); sink(b1->c); // no flow - sink(b2->c); // $ ast MISSING: ir + sink(b2->c); // $ ast ir=64:21 } void f4() @@ -72,7 +72,7 @@ public: B *b2; b2 = setOnBWrap(b1, new C2()); sink(b1->c); // no flow - sink(b2->c); // $ ast MISSING: ir + sink(b2->c); // $ ast ir=73:25 } B *setOnBWrap(B *b1, C *c) @@ -117,7 +117,7 @@ public: } if (C1 *c1 = dynamic_cast(cc)) { - sink(c1->a); // $ SPURIOUS: ast + sink(c1->a); // $ SPURIOUS: ast,ir } } @@ -149,7 +149,7 @@ public: { B *b = new B(); D *d = new D(b, r()); - sink(d->b); // $ ast,ir=143:25 ast,ir=150:12 + sink(d->b); // $ ast MISSING: ir sink(d->b->c); // $ ast MISSING: ir sink(b->c); // $ ast,ir } diff --git a/cpp/ql/test/library-tests/dataflow/fields/C.cpp b/cpp/ql/test/library-tests/dataflow/fields/C.cpp index 79b9ffefdea..bc1c662c3db 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/C.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/C.cpp @@ -1,10 +1,10 @@ +void sink(...); class C { class Elem { }; - private: Elem *s1 = new Elem(); const Elem *s2 = new Elem(); @@ -26,12 +26,10 @@ public: void func() { - sink(s1); // $ast ir + sink(s1); // $ast MISSING: ir sink(s2); // $ MISSING: ast,ir - sink(s3); // $ast ir + sink(s3); // $ast MISSING: ir sink(s4); // $ MISSING: ast,ir } - - static void sink(const void *o) {} }; const C::Elem *C::s4 = new Elem(); diff --git a/cpp/ql/test/library-tests/dataflow/fields/D.cpp b/cpp/ql/test/library-tests/dataflow/fields/D.cpp index 86c40838850..ee51e6e5428 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/D.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/D.cpp @@ -19,7 +19,7 @@ public: }; static void sinkWrap(Box2* b2) { - sink(b2->getBox1()->getElem()); // $ast=28:15 ast=35:15 ast=42:15 ast=49:15 MISSING: ir + sink(b2->getBox1()->getElem()); // $ast,ir=28:15 ast,ir=35:15 ast,ir=42:15 ast,ir=49:15 } Box2* boxfield; @@ -61,6 +61,6 @@ public: private: void f5b() { - sink(boxfield->box->elem); // $ ast MISSING: ir + sink(boxfield->box->elem); // $ ast,ir } }; diff --git a/cpp/ql/test/library-tests/dataflow/fields/E.cpp b/cpp/ql/test/library-tests/dataflow/fields/E.cpp index f2349e00794..d9b6c366ce3 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/E.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/E.cpp @@ -18,7 +18,7 @@ void sink(char *b); void handlePacket(packet *p) { - sink(p->data.buffer); // $ ast MISSING: ir + sink(p->data.buffer); // $ ast,ir } void f(buf* b) @@ -28,7 +28,7 @@ void f(buf* b) argument_source(raw); argument_source(b->buffer); argument_source(p.data.buffer); - sink(raw); // $ ast MISSING: ir - sink(b->buffer); // $ ast MISSING: ir + sink(raw); // $ ast,ir + sink(b->buffer); // $ ast,ir handlePacket(&p); } \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/fields/IRConfiguration.qll b/cpp/ql/test/library-tests/dataflow/fields/IRConfiguration.qll index a9d98705ca4..652147c328b 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/IRConfiguration.qll +++ b/cpp/ql/test/library-tests/dataflow/fields/IRConfiguration.qll @@ -18,7 +18,7 @@ class IRConf extends Configuration { override predicate isSink(Node sink) { exists(Call c | c.getTarget().hasName("sink") and - c.getAnArgument() = sink.asConvertedExpr() + c.getAnArgument() = [sink.asExpr(), sink.asConvertedExpr()] ) } diff --git a/cpp/ql/test/library-tests/dataflow/fields/aliasing.cpp b/cpp/ql/test/library-tests/dataflow/fields/aliasing.cpp index fcdfc53cfdb..16ff8546b15 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/aliasing.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/aliasing.cpp @@ -35,12 +35,12 @@ void assignAfterAlias() { S s1 = { 0, 0 }; S &ref1 = s1; ref1.m1 = user_input(); - sink(s1.m1); // $ ir MISSING: ast + sink(s1.m1); // $ MISSING: ast,ir S s2 = { 0, 0 }; S &ref2 = s2; s2.m1 = user_input(); - sink(ref2.m1); // $ ir MISSING: ast + sink(ref2.m1); // $ MISSING: ast,ir } void assignAfterCopy() { @@ -77,14 +77,14 @@ void pointerIntermediate() { Wrapper w = { { 0, 0 } }; S *s = &w.s; s->m1 = user_input(); - sink(w.s.m1); // $ ir MISSING: ast + sink(w.s.m1); // $ MISSING: ast,ir } void referenceIntermediate() { Wrapper w = { { 0, 0 } }; S &s = w.s; s.m1 = user_input(); - sink(w.s.m1); // $ ir MISSING: ast + sink(w.s.m1); // $ MISSING: ast,ir } void nestedAssign() { @@ -99,7 +99,7 @@ void addressOfField() { S s_copy = s; int* px = &s_copy.m1; - sink(*px); // $ ir MISSING: ast + sink(*px); // $ MISSING: ast,ir } void taint_a_ptr(int* pa) { @@ -119,7 +119,7 @@ struct S_with_pointer { void pointer_deref(int* xs) { taint_a_ptr(xs); - sink(xs[0]); // $ ir MISSING: ast + sink(xs[0]); // $ MISSING: ast,ir } void pointer_deref_sub(int* xs) { @@ -129,18 +129,18 @@ void pointer_deref_sub(int* xs) { void pointer_many_addrof_and_deref(int* xs) { taint_a_ptr(xs); - sink(*&*&*xs); // $ ir MISSING: ast + sink(*&*&*xs); // $ MISSING: ast,ir } void pointer_unary_plus(int* xs) { taint_a_ptr(+xs); - sink(*+xs); // $ ir MISSING: ast + sink(*+xs); // $ MISSING: ast,ir } void pointer_member_index(S_with_pointer s) { taint_a_ptr(s.data); // `s.data` is points to all-aliased-memory - sink(s.data[0]); // $ MISSING: ir,ast + sink(s.data[0]); // $ ir MISSING: ast } void member_array_different_field(S_with_pointer* s) { @@ -156,13 +156,13 @@ struct S_with_array { void pointer_member_deref() { S_with_array s; taint_a_ptr(s.data); - sink(*s.data); // $ ast MISSING: ir + sink(*s.data); // $ ast,ir } void array_member_deref() { S_with_array s; taint_a_ptr(s.data); - sink(s.data[0]); // $ ast MISSING: ir + sink(s.data[0]); // $ ast,ir } struct S2 { diff --git a/cpp/ql/test/library-tests/dataflow/fields/arrays.cpp b/cpp/ql/test/library-tests/dataflow/fields/arrays.cpp index 8c4f0b34c4d..08fc650085e 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/arrays.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/arrays.cpp @@ -5,7 +5,7 @@ void local_array() { void *arr[10] = { 0 }; arr[0] = user_input(); sink(arr[0]); // $ ast,ir - sink(arr[1]); // $ SPURIOUS: ast + sink(arr[1]); // $ SPURIOUS: ast,ir sink(*arr); // $ ast,ir sink(*&arr[0]); // $ ast,ir } @@ -14,7 +14,7 @@ void local_array_convoluted_assign() { void *arr[10] = { 0 }; *&arr[0] = user_input(); sink(arr[0]); // $ ast,ir - sink(arr[1]); // $ SPURIOUS: ast + sink(arr[1]); // $ SPURIOUS: ast,ir } struct inner { @@ -35,17 +35,17 @@ struct outer { void nested_array_1(outer o) { o.nested.arr[1].data = user_input(); sink(o.nested.arr[1].data); // $ ast,ir - sink(o.nested.arr[0].data); // $ SPURIOUS: ast + sink(o.nested.arr[0].data); // $ SPURIOUS: ast,ir } void nested_array_2(outer o) { o.indirect->arr[1].data = user_input(); - sink(o.indirect->arr[1].data); // $ ast MISSING: ir - sink(o.indirect->arr[0].data); // $ SPURIOUS: ast + sink(o.indirect->arr[1].data); // $ ast,ir + sink(o.indirect->arr[0].data); // $ SPURIOUS: ast,ir } void nested_array_3(outer o) { o.indirect->ptr[1].data = user_input(); - sink(o.indirect->ptr[1].data); // $ MISSING: ir,ast - sink(o.indirect->ptr[0].data); + sink(o.indirect->ptr[1].data); // $ ir MISSING: ast + sink(o.indirect->ptr[0].data); // $ SPURIOUS: ir } diff --git a/cpp/ql/test/library-tests/dataflow/fields/by_reference.cpp b/cpp/ql/test/library-tests/dataflow/fields/by_reference.cpp index 8e84d39be3b..d8c6a194151 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/by_reference.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/by_reference.cpp @@ -108,11 +108,11 @@ void test_outer_with_ptr(Outer *pouter) { taint_a_ptr(&pouter->a); sink(outer.inner_nested.a); // $ ast,ir - sink(outer.inner_ptr->a); // $ ast MISSING: ir + sink(outer.inner_ptr->a); // $ ast,ir sink(outer.a); // $ ast,ir sink(pouter->inner_nested.a); // $ ast,ir - sink(pouter->inner_ptr->a); // $ast MISSING: ir + sink(pouter->inner_ptr->a); // $ast,ir sink(pouter->a); // $ ast,ir } @@ -128,10 +128,10 @@ void test_outer_with_ref(Outer *pouter) { taint_a_ref(pouter->a); sink(outer.inner_nested.a); // $ ast,ir - sink(outer.inner_ptr->a); // $ ast MISSING: ir + sink(outer.inner_ptr->a); // $ ast,ir sink(outer.a); // $ ast,ir sink(pouter->inner_nested.a); // $ ast,ir - sink(pouter->inner_ptr->a); // $ ast MISSING: ir + sink(pouter->inner_ptr->a); // $ ast,ir sink(pouter->a); // $ ast,ir } diff --git a/cpp/ql/test/library-tests/dataflow/fields/conflated.cpp b/cpp/ql/test/library-tests/dataflow/fields/conflated.cpp index aa600a99a5e..1d166465710 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/conflated.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/conflated.cpp @@ -8,7 +8,7 @@ struct A { void pointer_without_allocation(const A& ra) { *ra.p = user_input(); - sink(*ra.p); // $ MISSING: ast,ir + sink(*ra.p); // $ ir MISSING: ast } void argument_source(void*); @@ -17,7 +17,7 @@ void sink(void*); void pointer_without_allocation_2() { char *raw; argument_source(raw); - sink(raw); // $ ast MISSING: ir + sink(raw); // $ ast,ir } A* makeA() { @@ -27,14 +27,14 @@ A* makeA() { void no_InitializeDynamicAllocation_instruction() { A* pa = makeA(); pa->x = user_input(); - sink(pa->x); // $ ast MISSING: ir + sink(pa->x); // $ ast,ir } void fresh_or_arg(A* arg, bool unknown) { A* pa; pa = unknown ? arg : new A; pa->x = user_input(); - sink(pa->x); // $ ast MISSING: ir + sink(pa->x); // $ ast,ir } struct LinkedList { @@ -52,11 +52,11 @@ void too_many_indirections() { LinkedList* ll = new LinkedList; ll->next = new LinkedList; ll->next->y = user_input(); - sink(ll->next->y); // $ ast MISSING: ir + sink(ll->next->y); // $ ast,ir } void too_many_indirections_2(LinkedList* next) { LinkedList* ll = new LinkedList(next); ll->next->y = user_input(); - sink(ll->next->y); // $ ast MISSING: ir + sink(ll->next->y); // $ ast,ir } diff --git a/cpp/ql/test/library-tests/dataflow/fields/dataflow-consistency.expected b/cpp/ql/test/library-tests/dataflow/fields/dataflow-consistency.expected index 8333b9d5776..82ad497f1ec 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/dataflow-consistency.expected +++ b/cpp/ql/test/library-tests/dataflow/fields/dataflow-consistency.expected @@ -3,8 +3,8 @@ uniqueEnclosingCallable | C.cpp:9:14:9:23 | new | Node should have one enclosing callable but has 0. | | C.cpp:10:20:10:29 | 0 | Node should have one enclosing callable but has 0. | | C.cpp:10:20:10:29 | new | Node should have one enclosing callable but has 0. | -| C.cpp:37:24:37:33 | 0 | Node should have one enclosing callable but has 0. | -| C.cpp:37:24:37:33 | new | Node should have one enclosing callable but has 0. | +| C.cpp:35:24:35:33 | 0 | Node should have one enclosing callable but has 0. | +| C.cpp:35:24:35:33 | new | Node should have one enclosing callable but has 0. | uniqueType uniqueNodeLocation missingLocation diff --git a/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected b/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected index fe7d8360403..ad1bf5316cb 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected +++ b/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected @@ -20,149 +20,1306 @@ unreachableNodeCCtx localCallNodes postIsNotPre postHasUniquePre -| D.cpp:57:5:57:42 | Store | PostUpdateNode should have one pre-update node but has 0. | -| simple.cpp:65:5:65:22 | Store | PostUpdateNode should have one pre-update node but has 0. | -| simple.cpp:83:9:83:28 | Store | PostUpdateNode should have one pre-update node but has 0. | -| simple.cpp:92:5:92:22 | Store | PostUpdateNode should have one pre-update node but has 0. | uniquePostUpdate postIsInSameCallable reverseRead argHasPostUpdate postWithInFlow -| A.cpp:25:7:25:17 | Chi | PostUpdateNode should not be the target of local flow. | -| A.cpp:27:22:27:32 | Chi | PostUpdateNode should not be the target of local flow. | -| A.cpp:98:12:98:18 | Chi | PostUpdateNode should not be the target of local flow. | -| A.cpp:100:5:100:13 | Chi | PostUpdateNode should not be the target of local flow. | -| A.cpp:142:7:142:20 | Chi | PostUpdateNode should not be the target of local flow. | -| A.cpp:143:7:143:31 | Chi | PostUpdateNode should not be the target of local flow. | -| A.cpp:183:7:183:20 | Chi | PostUpdateNode should not be the target of local flow. | -| A.cpp:184:7:184:23 | Chi | PostUpdateNode should not be the target of local flow. | -| B.cpp:6:15:6:24 | Chi | PostUpdateNode should not be the target of local flow. | -| B.cpp:15:15:15:27 | Chi | PostUpdateNode should not be the target of local flow. | -| B.cpp:35:7:35:22 | Chi | PostUpdateNode should not be the target of local flow. | -| B.cpp:36:7:36:22 | Chi | PostUpdateNode should not be the target of local flow. | -| B.cpp:46:7:46:21 | Chi | PostUpdateNode should not be the target of local flow. | -| C.cpp:22:12:22:21 | Chi | PostUpdateNode should not be the target of local flow. | -| C.cpp:22:12:22:21 | Chi | PostUpdateNode should not be the target of local flow. | -| C.cpp:24:5:24:25 | Chi | PostUpdateNode should not be the target of local flow. | -| C.cpp:24:16:24:25 | Chi | PostUpdateNode should not be the target of local flow. | -| D.cpp:9:21:9:28 | Chi | PostUpdateNode should not be the target of local flow. | -| D.cpp:11:29:11:36 | Chi | PostUpdateNode should not be the target of local flow. | -| D.cpp:16:21:16:27 | Chi | PostUpdateNode should not be the target of local flow. | -| D.cpp:18:29:18:35 | Chi | PostUpdateNode should not be the target of local flow. | -| D.cpp:28:15:28:24 | Chi | PostUpdateNode should not be the target of local flow. | -| D.cpp:35:15:35:24 | Chi | PostUpdateNode should not be the target of local flow. | -| D.cpp:42:15:42:24 | Chi | PostUpdateNode should not be the target of local flow. | -| D.cpp:49:15:49:24 | Chi | PostUpdateNode should not be the target of local flow. | -| D.cpp:56:15:56:24 | Chi | PostUpdateNode should not be the target of local flow. | -| D.cpp:57:5:57:42 | Chi | PostUpdateNode should not be the target of local flow. | -| D.cpp:57:5:57:42 | Store | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:9:3:9:22 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:13:3:13:21 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:17:3:17:21 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:21:12:21:12 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:21:15:21:15 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:22:12:22:12 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:22:15:22:15 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:23:12:23:12 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:23:15:23:15 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:35:12:35:12 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:35:15:35:15 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:37:3:37:24 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:40:12:40:12 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:40:15:40:15 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:42:3:42:22 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:47:12:47:12 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:47:15:47:15 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:49:3:49:25 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:52:12:52:12 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:52:15:52:15 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:54:3:54:22 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:59:12:59:12 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:59:15:59:15 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:60:3:60:22 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:70:19:70:19 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:70:22:70:22 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:72:3:72:21 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:77:19:77:19 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:77:22:77:22 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:79:3:79:22 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:84:19:84:19 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:84:22:84:22 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:86:3:86:21 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:91:19:91:19 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:91:22:91:22 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:92:3:92:23 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:98:3:98:21 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:106:3:106:20 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:111:15:111:19 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:147:15:147:22 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:175:15:175:22 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:181:15:181:22 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:187:15:187:22 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:194:15:194:22 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:200:15:200:24 | Chi | PostUpdateNode should not be the target of local flow. | -| aliasing.cpp:205:15:205:24 | Chi | PostUpdateNode should not be the target of local flow. | -| arrays.cpp:5:18:5:23 | Chi | PostUpdateNode should not be the target of local flow. | -| arrays.cpp:5:21:5:21 | Chi | PostUpdateNode should not be the target of local flow. | -| arrays.cpp:6:3:6:23 | Chi | PostUpdateNode should not be the target of local flow. | -| arrays.cpp:14:18:14:23 | Chi | PostUpdateNode should not be the target of local flow. | -| arrays.cpp:14:21:14:21 | Chi | PostUpdateNode should not be the target of local flow. | -| arrays.cpp:15:3:15:25 | Chi | PostUpdateNode should not be the target of local flow. | -| arrays.cpp:36:3:36:37 | Chi | PostUpdateNode should not be the target of local flow. | -| by_reference.cpp:12:5:12:16 | Chi | PostUpdateNode should not be the target of local flow. | -| by_reference.cpp:16:5:16:19 | Chi | PostUpdateNode should not be the target of local flow. | -| by_reference.cpp:84:3:84:25 | Chi | PostUpdateNode should not be the target of local flow. | -| by_reference.cpp:88:3:88:24 | Chi | PostUpdateNode should not be the target of local flow. | -| by_reference.cpp:92:3:92:20 | Chi | PostUpdateNode should not be the target of local flow. | -| by_reference.cpp:96:3:96:19 | Chi | PostUpdateNode should not be the target of local flow. | -| by_reference.cpp:102:21:102:39 | Chi | PostUpdateNode should not be the target of local flow. | -| by_reference.cpp:104:15:104:22 | Chi | PostUpdateNode should not be the target of local flow. | -| by_reference.cpp:106:21:106:41 | Chi | PostUpdateNode should not be the target of local flow. | -| by_reference.cpp:108:15:108:24 | Chi | PostUpdateNode should not be the target of local flow. | -| by_reference.cpp:122:21:122:38 | Chi | PostUpdateNode should not be the target of local flow. | -| by_reference.cpp:124:15:124:21 | Chi | PostUpdateNode should not be the target of local flow. | -| by_reference.cpp:126:21:126:40 | Chi | PostUpdateNode should not be the target of local flow. | -| by_reference.cpp:128:15:128:23 | Chi | PostUpdateNode should not be the target of local flow. | -| complex.cpp:11:22:11:27 | Chi | PostUpdateNode should not be the target of local flow. | -| complex.cpp:12:22:12:27 | Chi | PostUpdateNode should not be the target of local flow. | -| complex.cpp:14:26:14:26 | Chi | PostUpdateNode should not be the target of local flow. | -| complex.cpp:14:33:14:33 | Chi | PostUpdateNode should not be the target of local flow. | -| complex.cpp:22:11:22:17 | Chi | PostUpdateNode should not be the target of local flow. | -| complex.cpp:25:7:25:7 | Chi | PostUpdateNode should not be the target of local flow. | -| complex.cpp:42:16:42:16 | Chi | PostUpdateNode should not be the target of local flow. | -| complex.cpp:43:16:43:16 | Chi | PostUpdateNode should not be the target of local flow. | -| complex.cpp:53:12:53:12 | Chi | PostUpdateNode should not be the target of local flow. | -| complex.cpp:54:12:54:12 | Chi | PostUpdateNode should not be the target of local flow. | -| complex.cpp:55:12:55:12 | Chi | PostUpdateNode should not be the target of local flow. | -| complex.cpp:56:12:56:12 | Chi | PostUpdateNode should not be the target of local flow. | -| conflated.cpp:45:39:45:42 | Chi | PostUpdateNode should not be the target of local flow. | -| conflated.cpp:53:3:53:27 | Chi | PostUpdateNode should not be the target of local flow. | -| constructors.cpp:20:24:20:29 | Chi | PostUpdateNode should not be the target of local flow. | -| constructors.cpp:21:24:21:29 | Chi | PostUpdateNode should not be the target of local flow. | -| constructors.cpp:23:28:23:28 | Chi | PostUpdateNode should not be the target of local flow. | -| constructors.cpp:23:35:23:35 | Chi | PostUpdateNode should not be the target of local flow. | -| qualifiers.cpp:9:30:9:44 | Chi | PostUpdateNode should not be the target of local flow. | -| qualifiers.cpp:12:49:12:64 | Chi | PostUpdateNode should not be the target of local flow. | -| qualifiers.cpp:13:51:13:65 | Chi | PostUpdateNode should not be the target of local flow. | -| realistic.cpp:39:12:39:95 | Chi | PostUpdateNode should not be the target of local flow. | -| realistic.cpp:49:9:49:64 | Chi | PostUpdateNode should not be the target of local flow. | -| simple.cpp:20:24:20:29 | Chi | PostUpdateNode should not be the target of local flow. | -| simple.cpp:21:24:21:29 | Chi | PostUpdateNode should not be the target of local flow. | -| simple.cpp:23:28:23:28 | Chi | PostUpdateNode should not be the target of local flow. | -| simple.cpp:23:35:23:35 | Chi | PostUpdateNode should not be the target of local flow. | -| simple.cpp:65:5:65:22 | Store | PostUpdateNode should not be the target of local flow. | -| simple.cpp:83:9:83:28 | Chi | PostUpdateNode should not be the target of local flow. | -| simple.cpp:83:9:83:28 | Store | PostUpdateNode should not be the target of local flow. | -| simple.cpp:92:5:92:22 | Store | PostUpdateNode should not be the target of local flow. | -| struct_init.c:20:20:20:29 | Chi | PostUpdateNode should not be the target of local flow. | -| struct_init.c:20:34:20:34 | Chi | PostUpdateNode should not be the target of local flow. | -| struct_init.c:27:7:27:16 | Chi | PostUpdateNode should not be the target of local flow. | -| struct_init.c:27:21:27:21 | Chi | PostUpdateNode should not be the target of local flow. | -| struct_init.c:28:5:28:7 | Chi | PostUpdateNode should not be the target of local flow. | -| struct_init.c:36:10:36:24 | Chi | PostUpdateNode should not be the target of local flow. | -| struct_init.c:40:20:40:29 | Chi | PostUpdateNode should not be the target of local flow. | -| struct_init.c:40:34:40:34 | Chi | PostUpdateNode should not be the target of local flow. | -| struct_init.c:42:7:42:16 | Chi | PostUpdateNode should not be the target of local flow. | -| struct_init.c:42:21:42:21 | Chi | PostUpdateNode should not be the target of local flow. | -| struct_init.c:43:5:43:7 | Chi | PostUpdateNode should not be the target of local flow. | +| A.cpp:9:9:9:9 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:9:9:9:9 | ConvertToNonVirtualBase [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:9:9:9:9 | this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:14:9:14:9 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:14:9:14:9 | ConvertToNonVirtualBase [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:14:9:14:9 | this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:25:7:25:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:25:13:25:13 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:27:22:27:25 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:27:28:27:28 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:28:16:28:30 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:31:7:31:22 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:31:14:31:21 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:31:14:31:21 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:31:14:31:21 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:31:14:31:21 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:31:20:31:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:31:20:31:20 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:38:7:38:8 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:38:7:38:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:39:7:39:8 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:39:7:39:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:40:5:40:6 | cc [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:40:8:40:13 | 0 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:40:8:40:13 | cc [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:40:15:40:21 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:41:5:41:6 | ct [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:41:8:41:13 | ct [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:41:8:41:13 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:41:15:41:21 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:41:15:41:21 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:41:15:41:21 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:41:15:41:21 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:42:5:42:8 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:42:10:42:12 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:42:10:42:12 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:42:11:42:12 | cc [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:43:5:43:8 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:43:10:43:12 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:43:10:43:12 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:43:11:43:12 | ct [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:47:8:47:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:47:12:47:18 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:47:12:47:18 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:47:12:47:18 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:48:8:48:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:48:12:48:18 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:48:20:48:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:48:20:48:20 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:49:5:49:8 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:49:10:49:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:49:10:49:13 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:49:13:49:13 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:49:13:49:13 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:54:8:54:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:54:12:54:18 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:54:12:54:18 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:54:12:54:18 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:55:5:55:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:55:5:55:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:55:8:55:10 | b [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:55:8:55:10 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:55:12:55:19 | (C *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:55:12:55:19 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:55:12:55:19 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:55:12:55:19 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:56:5:56:8 | call to get [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:56:10:56:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:56:10:56:10 | b [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:56:10:56:17 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:56:13:56:15 | b [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:56:13:56:15 | call to get [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:57:5:57:8 | call to get [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:57:10:57:32 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:57:11:57:24 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:57:11:57:24 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:57:11:57:24 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:57:11:57:24 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:57:17:57:23 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:57:17:57:23 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:57:17:57:23 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:57:28:57:30 | call to get [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:57:28:57:30 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:62:8:62:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:62:13:62:19 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:62:13:62:19 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:62:13:62:19 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:64:5:64:6 | b2 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:64:10:64:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:64:10:64:15 | b1 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:64:10:64:15 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:64:10:64:15 | this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:64:10:64:15 | this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:64:17:64:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:64:17:64:18 | b1 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:64:21:64:28 | (C *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:64:21:64:28 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:64:21:64:28 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:64:21:64:28 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:65:5:65:8 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:65:10:65:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:65:10:65:14 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:65:14:65:14 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:65:14:65:14 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:66:5:66:8 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:66:10:66:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:66:10:66:14 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:66:14:66:14 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:66:14:66:14 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:71:8:71:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:71:13:71:19 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:71:13:71:19 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:71:13:71:19 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:73:5:73:6 | b2 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:73:10:73:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:73:10:73:19 | b1 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:73:10:73:19 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:73:10:73:19 | this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:73:10:73:19 | this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:73:21:73:22 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:73:21:73:22 | b1 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:73:25:73:32 | (C *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:73:25:73:32 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:73:25:73:32 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:73:25:73:32 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:74:5:74:8 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:74:10:74:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:74:10:74:14 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:74:14:74:14 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:74:14:74:14 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:75:5:75:8 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:75:10:75:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:75:10:75:14 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:75:14:75:14 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:75:14:75:14 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:81:5:81:6 | b2 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:81:10:81:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:81:10:81:15 | b1 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:81:10:81:15 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:81:10:81:15 | this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:81:10:81:15 | this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:81:17:81:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:81:17:81:18 | b1 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:81:21:81:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:81:21:81:21 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:82:5:82:25 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:82:12:82:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:82:12:82:12 | this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:82:12:82:12 | this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:82:12:82:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:82:12:82:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:87:9:87:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:87:9:87:9 | this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:87:9:87:9 | this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:89:10:89:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:89:15:89:21 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:89:15:89:21 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:89:15:89:21 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:90:7:90:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:90:7:90:8 | b2 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:90:11:90:13 | b2 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:90:11:90:13 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:90:15:90:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:90:15:90:15 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:91:7:91:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:93:5:93:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:98:8:98:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:98:12:98:18 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:98:12:98:18 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:99:9:99:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:99:14:99:21 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:99:14:99:21 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:99:14:99:21 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:100:5:100:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:100:9:100:9 | a [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:101:5:101:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:101:5:101:6 | c1 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:101:5:101:6 | this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:101:5:101:6 | this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:101:8:101:9 | (C *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:101:8:101:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:101:8:101:9 | c1 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:105:9:105:38 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:107:7:107:10 | a [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:107:12:107:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:107:12:107:16 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:107:16:107:16 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:107:16:107:16 | a [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:110:9:110:38 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:112:7:112:8 | cc [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:116:7:116:8 | cc [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:116:12:116:19 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:116:12:116:19 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:116:12:116:19 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:118:9:118:39 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:120:7:120:10 | a [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:120:12:120:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:120:12:120:16 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:120:16:120:16 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:120:16:120:16 | a [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:126:5:126:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:126:5:126:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:126:8:126:10 | b [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:126:8:126:10 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:126:12:126:18 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:126:12:126:18 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:126:12:126:18 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:130:8:130:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:130:12:130:18 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:130:12:130:18 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:130:12:130:18 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:131:5:131:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:131:5:131:6 | b [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:131:5:131:6 | this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:131:5:131:6 | this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:131:8:131:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:131:8:131:8 | b [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:132:5:132:8 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:132:10:132:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:132:10:132:13 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:132:13:132:13 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:132:13:132:13 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:142:7:142:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:142:10:142:10 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:142:14:142:20 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:142:14:142:20 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:142:14:142:20 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:143:7:143:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:143:13:143:13 | b [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:143:17:143:31 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:143:17:143:31 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:143:25:143:31 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:143:25:143:31 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:143:25:143:31 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:150:8:150:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:150:12:150:18 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:150:12:150:18 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:150:12:150:18 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:151:8:151:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:151:12:151:24 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:151:12:151:24 | b [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:151:12:151:24 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:151:12:151:24 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:151:18:151:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:151:18:151:18 | b [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:151:21:151:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:151:21:151:21 | this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:151:21:151:21 | this [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:152:5:152:8 | b [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:152:10:152:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:152:10:152:13 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:152:13:152:13 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:152:13:152:13 | b [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:153:5:153:8 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:153:10:153:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:153:10:153:16 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:153:13:153:13 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:153:16:153:16 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:153:16:153:16 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:154:5:154:8 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:154:10:154:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:154:10:154:13 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:154:13:154:13 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:154:13:154:13 | c [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:159:8:159:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:159:12:159:18 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:159:12:159:18 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:159:12:159:18 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:160:13:160:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:160:18:160:60 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:160:18:160:60 | b [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:160:18:160:60 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:160:18:160:60 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:160:18:160:60 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:160:29:160:29 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:160:29:160:29 | b [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:160:32:160:59 | 0 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:160:32:160:59 | 0 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:160:32:160:59 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:160:32:160:59 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:160:32:160:59 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:160:43:160:49 | (B *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:160:52:160:58 | (MyList *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:161:13:161:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:161:18:161:40 | 0 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:161:18:161:40 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:161:18:161:40 | l1 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:161:18:161:40 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:161:18:161:40 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:161:29:161:35 | (B *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:161:38:161:39 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:161:38:161:39 | l1 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:162:13:162:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:162:18:162:40 | 0 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:162:18:162:40 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:162:18:162:40 | l2 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:162:18:162:40 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:162:18:162:40 | new [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:162:29:162:35 | (B *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:162:38:162:39 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:162:38:162:39 | l2 [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:163:5:163:8 | head [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:163:10:163:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:163:10:163:17 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:163:14:163:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:163:14:163:17 | head [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:164:5:164:8 | head [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:164:10:164:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:164:10:164:23 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:164:14:164:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:164:20:164:23 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:164:20:164:23 | head [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:165:5:165:8 | head [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:165:10:165:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:165:10:165:29 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:165:14:165:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:165:20:165:23 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:165:26:165:29 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:165:26:165:29 | head [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:166:5:166:8 | head [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:166:10:166:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:166:10:166:35 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:166:14:166:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:166:20:166:23 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:166:26:166:29 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:166:32:166:35 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:166:32:166:35 | head [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:167:18:167:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:167:40:167:40 | l [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:169:7:169:10 | head [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:169:12:169:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:169:12:169:18 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:169:15:169:18 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:169:15:169:18 | head [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:174:14:174:63 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:183:7:183:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:183:7:183:10 | head [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:184:7:184:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| A.cpp:184:13:184:16 | next [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:6:11:6:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:6:15:6:24 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:6:15:6:24 | new [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:7:11:7:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:7:16:7:35 | 0 [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:7:16:7:35 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:7:16:7:35 | e [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:7:16:7:35 | new [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:7:16:7:35 | new [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:7:25:7:25 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:7:25:7:25 | e [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:7:28:7:34 | (Elem *)... [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:8:11:8:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:8:16:8:27 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:8:16:8:27 | b1 [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:8:16:8:27 | new [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:8:16:8:27 | new [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:8:25:8:26 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:8:25:8:26 | b1 [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:9:5:9:8 | elem1 [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:9:10:9:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:9:10:9:24 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:9:14:9:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:9:20:9:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:9:20:9:24 | elem1 [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:10:5:10:8 | elem2 [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:10:10:10:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:10:10:10:24 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:10:14:10:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:10:20:10:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:10:20:10:24 | elem2 [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:15:11:15:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:15:15:15:27 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:15:15:15:27 | new [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:16:11:16:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:16:16:16:38 | 0 [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:16:16:16:38 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:16:16:16:38 | e [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:16:16:16:38 | new [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:16:16:16:38 | new [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:16:28:16:34 | (Elem *)... [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:16:37:16:37 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:16:37:16:37 | e [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:17:11:17:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:17:16:17:27 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:17:16:17:27 | b1 [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:17:16:17:27 | new [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:17:16:17:27 | new [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:17:25:17:26 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:17:25:17:26 | b1 [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:18:5:18:8 | elem1 [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:18:10:18:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:18:10:18:24 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:18:14:18:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:18:20:18:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:18:20:18:24 | elem1 [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:19:5:19:8 | elem2 [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:19:10:19:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:19:10:19:24 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:19:14:19:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:19:20:19:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:19:20:19:24 | elem2 [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:35:7:35:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:35:13:35:17 | elem1 [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:36:7:36:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:36:13:36:17 | elem2 [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:46:7:46:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| B.cpp:46:13:46:16 | box1 [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:18:8:18:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:18:12:18:18 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:18:12:18:18 | new [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:18:12:18:18 | new [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:19:5:19:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:19:5:19:5 | c [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:19:8:19:11 | c [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:22:9:22:22 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:22:12:22:21 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:22:12:22:21 | new [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:24:5:24:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:24:11:24:12 | s3 [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:24:16:24:25 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:24:16:24:25 | new [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:29:5:29:8 | s1 [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:29:10:29:11 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:29:10:29:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:29:10:29:11 | s1 [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:30:5:30:8 | s2 [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:30:10:30:11 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:30:10:30:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:30:10:30:11 | s2 [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:31:5:31:8 | s3 [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:31:10:31:11 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:31:10:31:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:31:10:31:11 | s3 [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:32:5:32:8 | s4 [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:32:10:32:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| C.cpp:32:10:32:11 | s4 [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:9:21:9:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:9:21:9:24 | elem [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:10:23:10:34 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:11:29:11:32 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:11:29:11:32 | elem [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:16:21:16:23 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:16:21:16:23 | box [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:17:23:17:33 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:18:29:18:31 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:18:29:18:31 | box [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:22:5:22:8 | call to getElem [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:22:10:22:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:22:10:22:11 | b2 [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:22:10:22:33 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:22:14:22:20 | b2 [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:22:14:22:20 | call to getBox1 [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:22:25:22:31 | call to getBox1 [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:22:25:22:31 | call to getElem [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:28:11:28:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:28:15:28:24 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:28:15:28:24 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:29:11:29:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:29:15:29:41 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:29:15:29:41 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:29:15:29:41 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:29:15:29:41 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:29:24:29:40 | 0 [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:29:24:29:40 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:29:24:29:40 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:29:24:29:40 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:29:33:29:39 | (Elem *)... [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:30:5:30:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:30:8:30:10 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:30:13:30:16 | elem [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:31:5:31:12 | b [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:31:14:31:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:31:14:31:14 | b [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:35:11:35:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:35:15:35:24 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:35:15:35:24 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:36:11:36:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:36:15:36:41 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:36:15:36:41 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:36:15:36:41 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:36:15:36:41 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:36:24:36:40 | 0 [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:36:24:36:40 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:36:24:36:40 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:36:24:36:40 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:36:33:36:39 | (Elem *)... [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:37:5:37:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:37:8:37:10 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:37:8:37:10 | box [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:37:13:37:19 | box [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:37:13:37:19 | e [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:37:21:37:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:37:21:37:21 | e [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:38:5:38:12 | b [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:38:14:38:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:38:14:38:14 | b [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:42:11:42:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:42:15:42:24 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:42:15:42:24 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:43:11:43:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:43:15:43:41 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:43:15:43:41 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:43:15:43:41 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:43:15:43:41 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:43:24:43:40 | 0 [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:43:24:43:40 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:43:24:43:40 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:43:24:43:40 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:43:33:43:39 | (Elem *)... [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:44:5:44:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:44:5:44:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:44:8:44:14 | b [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:44:19:44:22 | elem [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:45:5:45:12 | b [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:45:14:45:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:45:14:45:14 | b [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:49:11:49:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:49:15:49:24 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:49:15:49:24 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:50:11:50:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:50:15:50:41 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:50:15:50:41 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:50:15:50:41 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:50:15:50:41 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:50:24:50:40 | 0 [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:50:24:50:40 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:50:24:50:40 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:50:24:50:40 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:50:33:50:39 | (Elem *)... [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:51:5:51:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:51:5:51:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:51:8:51:14 | b [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:51:8:51:14 | call to getBox1 [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:51:19:51:25 | call to getBox1 [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:51:19:51:25 | e [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:51:27:51:27 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:51:27:51:27 | e [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:52:5:52:12 | b [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:52:14:52:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:52:14:52:14 | b [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:56:11:56:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:56:15:56:24 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:56:15:56:24 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:57:5:57:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:57:5:57:12 | boxfield [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:57:16:57:42 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:57:16:57:42 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:57:16:57:42 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:57:16:57:42 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:57:25:57:41 | 0 [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:57:25:57:41 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:57:25:57:41 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:57:25:57:41 | new [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:57:34:57:40 | (Elem *)... [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:58:5:58:12 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:58:5:58:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:58:15:58:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:58:20:58:23 | elem [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:59:5:59:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:59:5:59:7 | this [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:59:5:59:7 | this [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:64:5:64:8 | elem [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:64:10:64:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:64:10:64:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:64:10:64:28 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:64:20:64:22 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:64:25:64:28 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| D.cpp:64:25:64:28 | elem [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:21:5:21:8 | buffer [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:21:10:21:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:21:18:21:23 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:21:18:21:23 | buffer [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:28:5:28:19 | raw [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:28:21:28:23 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:28:21:28:23 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:28:21:28:23 | raw [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:29:5:29:19 | buffer [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:29:21:29:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:29:21:29:29 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:29:24:29:29 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:29:24:29:29 | buffer [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:30:5:30:19 | buffer [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:30:21:30:33 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:30:28:30:33 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:30:28:30:33 | buffer [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:31:5:31:8 | raw [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:31:10:31:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:31:10:31:12 | raw [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:32:5:32:8 | buffer [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:32:10:32:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:32:13:32:18 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:32:13:32:18 | buffer [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:33:5:33:16 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:33:18:33:19 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| E.cpp:33:19:33:19 | p [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:9:3:9:3 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:9:6:9:7 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:13:3:13:3 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:13:3:13:3 | s [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:13:5:13:6 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:17:5:17:6 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:21:9:21:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:21:9:21:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:22:9:22:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:22:9:22:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:23:9:23:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:23:9:23:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:25:3:25:15 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:25:17:25:19 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:25:18:25:19 | s1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:26:3:26:17 | s2 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:26:19:26:20 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:26:19:26:20 | s2 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:35:9:35:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:35:9:35:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:36:6:36:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:37:3:37:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:37:3:37:6 | ref1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:37:8:37:9 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:40:9:40:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:40:9:40:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:41:6:41:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:42:6:42:7 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:47:9:47:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:47:9:47:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:48:5:48:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:49:9:49:10 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:52:9:52:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:52:9:52:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:53:5:53:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:54:6:54:7 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:59:9:59:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:59:9:59:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:60:6:60:7 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:61:5:61:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:70:17:70:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:70:17:70:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:71:5:71:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:72:5:72:6 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:77:17:77:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:77:17:77:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:78:6:78:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:79:3:79:3 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:79:6:79:7 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:84:17:84:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:84:17:84:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:85:6:85:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:86:3:86:3 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:86:3:86:3 | s [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:86:5:86:6 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:91:17:91:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:91:17:91:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:92:7:92:8 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:98:5:98:6 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:100:5:100:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:101:8:101:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:106:3:106:5 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:106:4:106:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:106:4:106:5 | pa [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:111:3:111:13 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:111:15:111:19 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:111:18:111:19 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:121:3:121:13 | xs [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:121:15:121:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:121:15:121:16 | xs [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:126:3:126:13 | ... - ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:126:15:126:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:126:15:126:16 | xs [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:126:15:126:20 | ... - ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:131:3:131:13 | xs [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:131:15:131:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:131:15:131:16 | xs [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:136:3:136:13 | + ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:136:15:136:17 | + ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:136:16:136:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:136:16:136:17 | xs [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:141:3:141:13 | data [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:141:17:141:20 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:141:17:141:20 | data [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:147:3:147:13 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:147:15:147:22 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:147:16:147:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:147:16:147:16 | s [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:147:21:147:22 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:158:3:158:13 | data [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:158:15:158:20 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:158:17:158:20 | data [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:164:3:164:13 | data [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:164:15:164:20 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:164:17:164:20 | data [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:175:3:175:13 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:175:15:175:22 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:175:21:175:22 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:181:3:181:13 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:181:15:181:22 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:181:21:181:22 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:187:3:187:13 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:187:15:187:22 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:187:21:187:22 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:188:6:188:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:194:3:194:13 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:194:15:194:22 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:194:21:194:22 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:195:6:195:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:200:3:200:13 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:200:15:200:24 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:200:16:200:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:200:23:200:24 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:205:3:205:13 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:205:15:205:24 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:205:16:205:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aliasing.cpp:205:23:205:24 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:5:9:5:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:5:18:5:23 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:5:18:5:23 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:6:3:6:5 | arr [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:6:3:6:5 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:6:3:6:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:7:3:7:6 | access to array [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:7:8:7:10 | arr [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:7:8:7:10 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:7:8:7:13 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:7:8:7:13 | access to array [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:8:3:8:6 | access to array [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:8:8:8:10 | arr [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:8:8:8:10 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:8:8:8:13 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:8:8:8:13 | access to array [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:9:3:9:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:9:8:9:11 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:9:9:9:11 | arr [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:9:9:9:11 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:10:3:10:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:10:8:10:15 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:10:9:10:15 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:10:10:10:12 | arr [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:10:10:10:12 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:10:10:10:15 | access to array [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:14:9:14:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:14:18:14:23 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:14:18:14:23 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:15:3:15:10 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:15:4:15:10 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:15:5:15:7 | arr [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:15:5:15:7 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:15:5:15:10 | access to array [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:16:3:16:6 | access to array [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:16:8:16:10 | arr [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:16:8:16:10 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:16:8:16:13 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:16:8:16:13 | access to array [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:17:3:17:6 | access to array [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:17:8:17:10 | arr [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:17:8:17:10 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:17:8:17:13 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:17:8:17:13 | access to array [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:36:3:36:14 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:36:12:36:14 | arr [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:36:19:36:22 | data [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:37:3:37:6 | data [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:37:8:37:19 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:37:17:37:19 | arr [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:37:24:37:27 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:37:24:37:27 | data [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:38:3:38:6 | data [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:38:8:38:19 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:38:17:38:19 | arr [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:38:24:38:27 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:38:24:38:27 | data [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:42:3:42:17 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:42:5:42:12 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:42:15:42:17 | arr [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:42:22:42:25 | data [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:43:3:43:6 | data [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:43:8:43:22 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:43:10:43:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:43:20:43:22 | arr [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:43:27:43:30 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:43:27:43:30 | data [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:44:3:44:6 | data [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:44:8:44:22 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:44:10:44:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:44:20:44:22 | arr [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:44:27:44:30 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:44:27:44:30 | data [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:48:5:48:12 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:48:15:48:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:48:15:48:17 | ptr [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:48:22:48:25 | data [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:49:3:49:6 | data [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:49:10:49:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:49:20:49:22 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:49:20:49:22 | ptr [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:49:27:49:30 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:49:27:49:30 | data [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:50:3:50:6 | data [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:50:10:50:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:50:20:50:22 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:50:20:50:22 | ptr [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:50:27:50:30 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| arrays.cpp:50:27:50:30 | data [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:12:5:12:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:12:8:12:8 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:16:5:16:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:16:11:16:11 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:20:5:20:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:20:5:20:8 | this [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:20:11:20:21 | this [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:20:11:20:21 | value [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:20:23:20:27 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:20:23:20:27 | value [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:24:5:24:17 | this [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:24:5:24:17 | value [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:24:19:24:22 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:24:19:24:22 | this [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:24:25:24:29 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:24:25:24:29 | value [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:32:5:32:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:36:5:36:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:40:5:40:31 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:44:5:44:31 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:50:3:50:3 | s [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:50:5:50:15 | call to user_input [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:50:5:50:15 | s [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:50:17:50:26 | call to user_input [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:51:3:51:6 | call to getDirectly [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:51:10:51:20 | call to getDirectly [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:56:3:56:3 | s [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:56:5:56:17 | call to user_input [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:56:5:56:17 | s [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:56:19:56:28 | call to user_input [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:57:3:57:6 | call to getIndirectly [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:57:10:57:22 | call to getIndirectly [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:62:3:62:3 | s [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:62:5:62:23 | call to user_input [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:62:5:62:23 | s [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:62:25:62:34 | call to user_input [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:63:3:63:6 | call to getThroughNonMember [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:63:10:63:28 | call to getThroughNonMember [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:68:3:68:15 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:68:3:68:15 | call to user_input [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:68:17:68:18 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:68:18:68:18 | s [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:68:21:68:30 | call to user_input [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:69:3:69:6 | call to nonMemberGetA [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:69:8:69:20 | call to nonMemberGetA [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:84:3:84:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:84:10:84:10 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:88:3:88:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:88:3:88:7 | inner [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:88:9:88:9 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:92:3:92:5 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:92:4:92:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:92:4:92:5 | pa [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:96:3:96:4 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:96:3:96:4 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:96:3:96:4 | pa [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:102:3:102:19 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:102:21:102:39 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:102:28:102:39 | inner_nested [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:103:3:103:19 | inner_ptr [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:103:27:103:35 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:103:27:103:35 | inner_ptr [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:104:3:104:13 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:104:15:104:22 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:104:22:104:22 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:106:3:106:19 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:106:21:106:41 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:106:22:106:27 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:106:30:106:41 | inner_nested [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:107:3:107:19 | inner_ptr [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:107:21:107:26 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:107:29:107:37 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:107:29:107:37 | inner_ptr [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:108:3:108:13 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:108:15:108:24 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:108:16:108:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:108:24:108:24 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:110:3:110:6 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:110:27:110:27 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:110:27:110:27 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:111:3:111:6 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:111:14:111:22 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:111:25:111:25 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:111:25:111:25 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:112:3:112:6 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:112:14:112:14 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:112:14:112:14 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:114:3:114:6 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:114:8:114:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:114:29:114:29 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:114:29:114:29 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:115:3:115:6 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:115:8:115:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:115:16:115:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:115:27:115:27 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:115:27:115:27 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:116:3:116:6 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:116:8:116:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:116:16:116:16 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:116:16:116:16 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:122:3:122:19 | inner_nested [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:122:21:122:38 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:122:27:122:38 | inner_nested [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:123:3:123:19 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:123:21:123:36 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:123:21:123:36 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:123:28:123:36 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:123:28:123:36 | inner_ptr [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:124:3:124:13 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:124:15:124:21 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:124:21:124:21 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:126:3:126:19 | inner_nested [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:126:21:126:26 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:126:21:126:40 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:126:29:126:40 | inner_nested [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:127:3:127:19 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:127:21:127:38 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:127:21:127:38 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:127:22:127:27 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:127:30:127:38 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:127:30:127:38 | inner_ptr [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:128:3:128:13 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:128:15:128:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:128:15:128:23 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:128:23:128:23 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:130:3:130:6 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:130:27:130:27 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:130:27:130:27 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:131:3:131:6 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:131:14:131:22 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:131:25:131:25 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:131:25:131:25 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:132:3:132:6 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:132:14:132:14 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:132:14:132:14 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:134:3:134:6 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:134:8:134:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:134:29:134:29 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:134:29:134:29 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:135:3:135:6 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:135:8:135:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:135:16:135:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:135:27:135:27 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:135:27:135:27 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:136:3:136:6 | a [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:136:8:136:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:136:16:136:16 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| by_reference.cpp:136:16:136:16 | a [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:9:13:9:22 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:10:13:10:22 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:11:22:11:23 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:11:22:11:23 | a_ [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:12:22:12:23 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:12:22:12:23 | b_ [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:14:23:14:27 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:14:30:14:34 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:22:11:22:17 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:22:11:22:17 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:25:7:25:7 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:25:7:25:7 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:33:3:33:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:42:8:42:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:42:8:42:8 | b [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:42:16:42:16 | f [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:42:18:42:18 | f [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:43:8:43:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:43:8:43:8 | b [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:43:16:43:16 | f [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:43:18:43:18 | f [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:48:9:48:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:48:9:48:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:49:9:49:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:49:9:49:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:50:9:50:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:50:9:50:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:51:9:51:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:51:9:51:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:53:12:53:12 | f [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:53:14:53:17 | f [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:54:12:54:12 | f [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:54:14:54:17 | f [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:55:12:55:12 | f [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:55:14:55:17 | f [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:56:12:56:12 | f [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:56:14:56:17 | f [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:59:3:59:5 | b1 [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:59:7:59:8 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:59:7:59:8 | b1 [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:62:3:62:5 | b2 [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:62:7:62:8 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:62:7:62:8 | b2 [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:65:3:65:5 | b3 [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:65:7:65:8 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:65:7:65:8 | b3 [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:68:3:68:5 | b4 [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:68:7:68:8 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| complex.cpp:68:7:68:8 | b4 [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:10:3:10:7 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:10:4:10:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:10:4:10:5 | ra [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:10:7:10:7 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:10:7:10:7 | p [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:19:3:19:17 | raw [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:19:19:19:21 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:19:19:19:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:19:19:19:21 | raw [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:20:3:20:6 | raw [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:20:8:20:10 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:20:8:20:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:20:8:20:10 | raw [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:24:3:24:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:28:6:28:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:29:3:29:4 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:29:7:29:7 | x [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:35:3:35:4 | pa [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:35:8:35:28 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:35:8:35:28 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:36:3:36:4 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:36:7:36:7 | x [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:45:34:45:43 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:52:15:52:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:53:3:53:4 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:53:7:53:10 | next [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:54:3:54:4 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:54:7:54:10 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:54:13:54:13 | y [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:59:15:59:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:59:20:59:39 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:59:20:59:39 | new [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:59:20:59:39 | new [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:59:20:59:39 | next [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:59:35:59:38 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:59:35:59:38 | next [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:60:3:60:4 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:60:7:60:10 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conflated.cpp:60:13:60:13 | y [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:5:5:5:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:18:15:18:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:19:15:19:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:20:24:20:25 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:20:24:20:25 | a_ [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:21:24:21:25 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:21:24:21:25 | b_ [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:23:25:23:29 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:23:32:23:36 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:28:10:28:10 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:28:10:28:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:28:10:28:10 | f [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:28:12:28:12 | f [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:29:10:29:10 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:29:10:29:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:29:10:29:10 | f [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:29:12:29:12 | f [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:34:9:34:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:34:11:34:26 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:35:9:35:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:35:11:35:26 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:36:9:36:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:36:11:36:37 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:37:9:37:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:37:11:37:15 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:40:5:40:7 | f [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:40:9:40:9 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:40:9:40:9 | f [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:43:5:43:7 | g [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:43:9:43:9 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:43:9:43:9 | g [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:46:5:46:7 | h [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:46:9:46:9 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:46:9:46:9 | h [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:49:5:49:7 | i [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:49:9:49:9 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| constructors.cpp:49:9:49:9 | i [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:9:30:9:33 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:9:36:9:36 | a [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:12:49:12:53 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:12:56:12:56 | a [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:13:51:13:55 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:13:51:13:55 | inner [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:13:57:13:57 | a [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:18:25:18:37 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:22:5:22:9 | outer [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:22:11:22:18 | outer [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:22:23:22:23 | a [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:23:5:23:8 | a [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:23:16:23:20 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:23:23:23:23 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:23:23:23:23 | a [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:27:5:27:9 | outer [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:27:11:27:18 | call to getInner [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:27:11:27:18 | outer [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:27:23:27:26 | call to getInner [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:27:23:27:26 | call to user_input [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:27:28:27:37 | call to user_input [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:28:5:28:8 | a [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:28:16:28:20 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:28:23:28:23 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:28:23:28:23 | a [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:32:5:32:15 | call to getInner [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:32:5:32:15 | call to user_input [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:32:17:32:21 | outer [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:32:23:32:30 | call to getInner [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:32:23:32:30 | outer [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:32:35:32:44 | call to user_input [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:33:5:33:8 | a [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:33:16:33:20 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:33:23:33:23 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:33:23:33:23 | a [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:37:5:37:17 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:37:5:37:17 | call to user_input [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:37:19:37:35 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:37:19:37:35 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:37:20:37:24 | outer [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:37:26:37:33 | call to getInner [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:37:26:37:33 | outer [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:37:38:37:47 | call to user_input [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:38:5:38:8 | a [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:38:16:38:20 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:38:23:38:23 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:38:23:38:23 | a [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:42:7:42:11 | outer [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:42:13:42:20 | call to getInner [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:42:13:42:20 | outer [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:42:25:42:25 | a [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:43:5:43:8 | a [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:43:16:43:20 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:43:23:43:23 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:43:23:43:23 | a [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:47:6:47:11 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:47:7:47:11 | outer [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:47:15:47:22 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:47:27:47:27 | a [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:48:5:48:8 | a [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:48:16:48:20 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:48:23:48:23 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| qualifiers.cpp:48:23:48:23 | a [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:24:42:24:56 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:25:11:25:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:26:5:26:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:27:5:27:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:30:9:30:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:31:9:31:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:32:9:32:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:34:9:34:12 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:34:10:34:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:34:10:34:10 | d [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:34:10:34:12 | ... ++ [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:34:17:34:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:36:5:36:23 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:39:5:39:96 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:42:5:42:10 | o [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:42:20:42:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:42:20:42:20 | o [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:48:14:48:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:48:34:48:34 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:49:9:49:15 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:49:13:49:15 | bar [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:49:20:49:22 | baz [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:51:9:51:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:53:9:53:15 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:53:13:53:15 | bar [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:53:20:53:22 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:53:35:53:43 | bufferLen [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:54:9:54:14 | buffer [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:54:16:54:22 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:54:16:54:47 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:54:16:54:47 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:54:20:54:22 | bar [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:54:27:54:29 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:54:42:54:47 | buffer [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:58:13:58:22 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:60:9:60:14 | dst [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:60:16:60:18 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:60:16:60:18 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:60:16:60:18 | dst [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:61:9:61:12 | bufferLen [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:61:14:61:55 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:61:21:61:27 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:61:25:61:27 | bar [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:61:32:61:34 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:61:47:61:55 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:61:47:61:55 | bufferLen [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:65:9:65:12 | buffer [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:65:14:65:52 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:65:21:65:27 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:65:21:65:52 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:65:25:65:27 | bar [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:65:32:65:34 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:65:47:65:52 | buffer [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:66:9:66:12 | dst [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:66:14:66:23 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:66:21:66:23 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:66:21:66:23 | dst [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:67:9:67:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| realistic.cpp:69:5:69:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:5:5:5:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:18:15:18:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:19:15:19:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:20:24:20:25 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:20:24:20:25 | a_ [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:21:24:21:25 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:21:24:21:25 | b_ [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:23:25:23:29 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:23:32:23:36 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:28:10:28:10 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:28:10:28:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:28:10:28:10 | f [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:28:12:28:12 | f [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:29:10:29:10 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:29:10:29:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:29:10:29:10 | f [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:29:12:29:12 | f [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:34:9:34:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:34:11:34:15 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:35:9:35:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:35:11:35:15 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:36:9:36:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:36:11:36:15 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:37:9:37:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:37:11:37:15 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:39:5:39:5 | f [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:39:7:39:10 | f [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:40:5:40:5 | g [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:40:7:40:10 | g [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:41:5:41:5 | h [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:41:7:41:10 | h [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:42:5:42:5 | h [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:42:7:42:10 | h [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:45:5:45:7 | f [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:45:9:45:9 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:45:9:45:9 | f [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:48:5:48:7 | g [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:48:9:48:9 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:48:9:48:9 | g [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:51:5:51:7 | h [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:51:9:51:9 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:51:9:51:9 | h [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:54:5:54:7 | i [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:54:9:54:9 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:54:9:54:9 | i [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:65:7:65:7 | i [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:66:7:66:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:79:9:79:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:83:9:83:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:83:12:83:13 | f1 [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:84:14:84:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:84:14:84:20 | this [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:84:14:84:20 | this [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:92:7:92:7 | i [post update] | PostUpdateNode should not be the target of local flow. | +| simple.cpp:93:15:93:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:15:3:15:6 | a [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:15:8:15:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:15:12:15:12 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:15:12:15:12 | a [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:16:3:16:6 | b [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:16:8:16:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:16:12:16:12 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:16:12:16:12 | b [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:20:17:20:36 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:20:17:20:36 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:22:3:22:6 | a [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:22:11:22:11 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:22:11:22:11 | a [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:23:3:23:6 | b [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:23:11:23:11 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:23:11:23:11 | b [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:24:3:24:8 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:24:10:24:12 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:24:11:24:12 | ab [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:26:23:29:3 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:27:5:27:23 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:27:5:27:23 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:31:3:31:6 | a [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:31:23:31:23 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:31:23:31:23 | a [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:32:3:32:6 | b [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:32:23:32:23 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:32:23:32:23 | b [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:33:3:33:6 | a [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:33:14:33:22 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:33:25:33:25 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:33:25:33:25 | a [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:34:3:34:6 | b [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:34:14:34:22 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:34:25:34:25 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:34:25:34:25 | b [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:36:3:36:8 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:36:10:36:24 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:36:17:36:24 | nestedAB [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:40:17:40:36 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:40:17:40:36 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:41:23:44:3 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:42:5:42:23 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:42:5:42:23 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:46:3:46:8 | pointerAB [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:46:16:46:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| struct_init.c:46:16:46:24 | pointerAB [post update] | PostUpdateNode should not be the target of local flow. | diff --git a/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected b/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected index 897d2e72fe5..703bf4d4eb1 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected +++ b/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected @@ -1,733 +1,1832 @@ edges -| A.cpp:23:10:23:10 | c | A.cpp:25:7:25:17 | Chi [c] | -| A.cpp:27:17:27:17 | c | A.cpp:27:22:27:32 | Chi [c] | -| A.cpp:28:8:28:10 | *#this [c] | A.cpp:28:29:28:29 | Store | -| A.cpp:55:5:55:5 | set output argument [c] | A.cpp:56:10:56:10 | b indirection [c] | +| A.cpp:23:10:23:10 | c | A.cpp:25:13:25:13 | c [post update] | +| A.cpp:25:13:25:13 | c [post update] | A.cpp:25:7:25:10 | this [post update] [c] | +| A.cpp:27:17:27:17 | c | A.cpp:27:28:27:28 | c [post update] | +| A.cpp:27:28:27:28 | c [post update] | A.cpp:27:22:27:25 | this [post update] [c] | +| A.cpp:28:8:28:10 | this [c] | A.cpp:28:23:28:26 | this [read] [c] | +| A.cpp:28:23:28:26 | this [read] [c] | A.cpp:28:29:28:29 | FieldAddress [read] | +| A.cpp:28:29:28:29 | FieldAddress [read] | A.cpp:28:8:28:10 | ReturnValue | +| A.cpp:29:23:29:23 | c | A.cpp:31:14:31:21 | c | +| A.cpp:31:14:31:21 | c | A.cpp:23:10:23:10 | c | +| A.cpp:31:14:31:21 | c | A.cpp:31:14:31:21 | new [post update] [c] | +| A.cpp:31:14:31:21 | new [post update] [c] | A.cpp:29:15:29:18 | ReturnValue [c] | +| A.cpp:47:12:47:18 | new | A.cpp:48:12:48:18 | c | +| A.cpp:48:12:48:18 | c | A.cpp:29:23:29:23 | c | +| A.cpp:48:12:48:18 | c | A.cpp:48:12:48:18 | call to make [c] | +| A.cpp:48:12:48:18 | call to make [c] | A.cpp:49:10:49:10 | b [read] [c] | +| A.cpp:49:10:49:10 | b [read] [c] | A.cpp:49:13:49:13 | FieldAddress [read] | +| A.cpp:49:13:49:13 | FieldAddress [read] | A.cpp:49:10:49:13 | (void *)... | +| A.cpp:55:8:55:10 | b [post update] [c] | A.cpp:56:13:56:15 | b [c] | | A.cpp:55:8:55:10 | new | A.cpp:27:17:27:17 | c | -| A.cpp:55:8:55:10 | new | A.cpp:55:5:55:5 | set output argument [c] | +| A.cpp:55:8:55:10 | new | A.cpp:55:8:55:10 | b [post update] [c] | | A.cpp:55:12:55:19 | (C *)... | A.cpp:55:8:55:10 | new | | A.cpp:55:12:55:19 | new | A.cpp:55:8:55:10 | new | -| A.cpp:56:10:56:10 | b indirection [c] | A.cpp:28:8:28:10 | *#this [c] | -| A.cpp:56:10:56:10 | b indirection [c] | A.cpp:56:13:56:15 | call to get | -| A.cpp:57:10:57:25 | new indirection [c] | A.cpp:28:8:28:10 | *#this [c] | -| A.cpp:57:10:57:25 | new indirection [c] | A.cpp:57:28:57:30 | call to get | -| A.cpp:57:11:57:24 | B output argument [c] | A.cpp:57:10:57:25 | new indirection [c] | +| A.cpp:56:13:56:15 | b [c] | A.cpp:28:8:28:10 | this [c] | +| A.cpp:56:13:56:15 | b [c] | A.cpp:56:13:56:15 | call to get | +| A.cpp:56:13:56:15 | b [c] | A.cpp:56:13:56:15 | call to get | +| A.cpp:56:13:56:15 | call to get | A.cpp:56:10:56:17 | (void *)... | | A.cpp:57:11:57:24 | new | A.cpp:23:10:23:10 | c | -| A.cpp:57:11:57:24 | new | A.cpp:57:11:57:24 | B output argument [c] | +| A.cpp:57:11:57:24 | new | A.cpp:57:11:57:24 | new [post update] [c] | +| A.cpp:57:11:57:24 | new [post update] [c] | A.cpp:57:28:57:30 | new [c] | | A.cpp:57:17:57:23 | new | A.cpp:57:11:57:24 | new | -| A.cpp:98:12:98:18 | new | A.cpp:100:5:100:13 | Chi [a] | -| A.cpp:100:5:100:13 | Chi [a] | A.cpp:101:8:101:9 | c1 indirection [a] | -| A.cpp:101:8:101:9 | c1 indirection [a] | A.cpp:103:14:103:14 | *c [a] | -| A.cpp:103:14:103:14 | *c [a] | A.cpp:107:16:107:16 | a | -| A.cpp:126:5:126:5 | Chi [c] | A.cpp:131:8:131:8 | f7 output argument [c] | -| A.cpp:126:5:126:5 | set output argument [c] | A.cpp:126:5:126:5 | Chi [c] | +| A.cpp:57:28:57:30 | call to get | A.cpp:57:10:57:32 | (void *)... | +| A.cpp:57:28:57:30 | new [c] | A.cpp:28:8:28:10 | this [c] | +| A.cpp:57:28:57:30 | new [c] | A.cpp:57:28:57:30 | call to get | +| A.cpp:57:28:57:30 | new [c] | A.cpp:57:28:57:30 | call to get | +| A.cpp:64:10:64:15 | call to setOnB [c] | A.cpp:66:10:66:11 | b2 [read] [c] | +| A.cpp:64:10:64:15 | new | A.cpp:64:10:64:15 | call to setOnB [c] | +| A.cpp:64:10:64:15 | new | A.cpp:85:26:85:26 | c | +| A.cpp:64:21:64:28 | (C *)... | A.cpp:64:10:64:15 | new | +| A.cpp:64:21:64:28 | new | A.cpp:64:10:64:15 | new | +| A.cpp:66:10:66:11 | b2 [read] [c] | A.cpp:66:14:66:14 | FieldAddress [read] | +| A.cpp:66:14:66:14 | FieldAddress [read] | A.cpp:66:10:66:14 | (void *)... | +| A.cpp:73:10:73:19 | call to setOnBWrap [c] | A.cpp:75:10:75:11 | b2 [read] [c] | +| A.cpp:73:10:73:19 | new | A.cpp:73:10:73:19 | call to setOnBWrap [c] | +| A.cpp:73:10:73:19 | new | A.cpp:78:27:78:27 | c | +| A.cpp:73:25:73:32 | (C *)... | A.cpp:73:10:73:19 | new | +| A.cpp:73:25:73:32 | new | A.cpp:73:10:73:19 | new | +| A.cpp:75:10:75:11 | b2 [read] [c] | A.cpp:75:14:75:14 | FieldAddress [read] | +| A.cpp:75:14:75:14 | FieldAddress [read] | A.cpp:75:10:75:14 | (void *)... | +| A.cpp:78:27:78:27 | c | A.cpp:81:10:81:15 | c | +| A.cpp:81:10:81:15 | c | A.cpp:81:10:81:15 | call to setOnB [c] | +| A.cpp:81:10:81:15 | c | A.cpp:85:26:85:26 | c | +| A.cpp:81:10:81:15 | call to setOnB [c] | A.cpp:78:6:78:15 | ReturnValue [c] | +| A.cpp:85:26:85:26 | c | A.cpp:90:11:90:13 | c | +| A.cpp:90:11:90:13 | b2 [post update] [c] | A.cpp:85:9:85:14 | ReturnValue [c] | +| A.cpp:90:11:90:13 | c | A.cpp:27:17:27:17 | c | +| A.cpp:90:11:90:13 | c | A.cpp:90:11:90:13 | b2 [post update] [c] | +| A.cpp:98:12:98:18 | new | A.cpp:100:9:100:9 | a [post update] | +| A.cpp:100:5:100:6 | c1 [post update] [a] | A.cpp:101:5:101:6 | c1 [a] | +| A.cpp:100:9:100:9 | a [post update] | A.cpp:100:5:100:6 | c1 [post update] [a] | +| A.cpp:101:5:101:6 | c1 [a] | A.cpp:103:14:103:14 | c [a] | +| A.cpp:103:14:103:14 | c [a] | A.cpp:107:12:107:13 | c1 [read] [a] | +| A.cpp:103:14:103:14 | c [a] | A.cpp:120:12:120:13 | c1 [read] [a] | +| A.cpp:107:12:107:13 | c1 [read] [a] | A.cpp:107:16:107:16 | FieldAddress [read] | +| A.cpp:107:16:107:16 | FieldAddress [read] | A.cpp:107:12:107:16 | (void *)... | +| A.cpp:120:12:120:13 | c1 [read] [a] | A.cpp:120:16:120:16 | FieldAddress [read] | +| A.cpp:120:16:120:16 | FieldAddress [read] | A.cpp:120:12:120:16 | (void *)... | +| A.cpp:126:5:126:5 | b [post update] [c] | A.cpp:131:5:131:6 | b [post update] [c] | +| A.cpp:126:8:126:10 | b [post update] [c] | A.cpp:126:5:126:5 | b [post update] [c] | +| A.cpp:126:8:126:10 | b [post update] [c] | A.cpp:131:5:131:6 | b [post update] [c] | | A.cpp:126:8:126:10 | new | A.cpp:27:17:27:17 | c | -| A.cpp:126:8:126:10 | new | A.cpp:126:5:126:5 | set output argument [c] | +| A.cpp:126:8:126:10 | new | A.cpp:126:8:126:10 | b [post update] [c] | | A.cpp:126:12:126:18 | new | A.cpp:126:8:126:10 | new | -| A.cpp:131:8:131:8 | Chi [c] | A.cpp:132:13:132:13 | c | -| A.cpp:131:8:131:8 | f7 output argument [c] | A.cpp:131:8:131:8 | Chi [c] | -| A.cpp:140:13:140:13 | b | A.cpp:143:7:143:31 | Chi [b] | -| A.cpp:142:7:142:20 | Chi [c] | A.cpp:151:18:151:18 | D output argument [c] | -| A.cpp:142:14:142:20 | new | A.cpp:142:7:142:20 | Chi [c] | -| A.cpp:143:7:143:31 | Chi [b] | A.cpp:151:12:151:24 | D output argument [b] | -| A.cpp:143:25:143:31 | new | A.cpp:143:7:143:31 | Chi [b] | +| A.cpp:131:5:131:6 | b [post update] [c] | A.cpp:132:10:132:10 | b [read] [c] | +| A.cpp:132:10:132:10 | b [read] [c] | A.cpp:132:13:132:13 | FieldAddress [read] | +| A.cpp:132:13:132:13 | FieldAddress [read] | A.cpp:132:10:132:13 | (void *)... | +| A.cpp:140:13:140:13 | b | A.cpp:143:13:143:13 | b [post update] | +| A.cpp:142:7:142:7 | b [post update] [c] | A.cpp:143:13:143:13 | b [post update] [c] | +| A.cpp:142:7:142:7 | b [post update] [c] | A.cpp:151:12:151:24 | b [post update] [c] | +| A.cpp:142:10:142:10 | c [post update] | A.cpp:142:7:142:7 | b [post update] [c] | +| A.cpp:142:14:142:20 | new | A.cpp:142:10:142:10 | c [post update] | +| A.cpp:143:7:143:10 | this [post update] [b, c] | A.cpp:151:12:151:24 | new [post update] [b, c] | +| A.cpp:143:7:143:10 | this [post update] [b] | A.cpp:151:12:151:24 | new [post update] [b] | +| A.cpp:143:13:143:13 | b [post update] | A.cpp:143:7:143:10 | this [post update] [b] | +| A.cpp:143:13:143:13 | b [post update] | A.cpp:143:7:143:10 | this [post update] [b] | +| A.cpp:143:13:143:13 | b [post update] [c] | A.cpp:143:7:143:10 | this [post update] [b, c] | +| A.cpp:143:25:143:31 | new | A.cpp:143:13:143:13 | b [post update] | | A.cpp:150:12:150:18 | new | A.cpp:151:12:151:24 | b | -| A.cpp:151:12:151:24 | Chi [b] | A.cpp:152:13:152:13 | b | -| A.cpp:151:12:151:24 | D output argument [b] | A.cpp:151:12:151:24 | Chi [b] | | A.cpp:151:12:151:24 | b | A.cpp:140:13:140:13 | b | -| A.cpp:151:12:151:24 | b | A.cpp:151:12:151:24 | D output argument [b] | -| A.cpp:151:18:151:18 | Chi [c] | A.cpp:154:13:154:13 | c | -| A.cpp:151:18:151:18 | D output argument [c] | A.cpp:151:18:151:18 | Chi [c] | -| C.cpp:18:12:18:18 | C output argument [s1] | C.cpp:19:5:19:5 | c indirection [s1] | -| C.cpp:18:12:18:18 | C output argument [s3] | C.cpp:19:5:19:5 | c indirection [s3] | -| C.cpp:19:5:19:5 | c indirection [s1] | C.cpp:27:8:27:11 | *#this [s1] | -| C.cpp:19:5:19:5 | c indirection [s3] | C.cpp:27:8:27:11 | *#this [s3] | -| C.cpp:22:12:22:21 | Chi [s1] | C.cpp:24:5:24:25 | Chi [s1] | -| C.cpp:22:12:22:21 | new | C.cpp:22:12:22:21 | Chi [s1] | -| C.cpp:24:5:24:25 | Chi [s1] | C.cpp:18:12:18:18 | C output argument [s1] | -| C.cpp:24:5:24:25 | Chi [s3] | C.cpp:18:12:18:18 | C output argument [s3] | -| C.cpp:24:16:24:25 | new | C.cpp:24:5:24:25 | Chi [s3] | -| C.cpp:27:8:27:11 | *#this [s1] | C.cpp:29:10:29:11 | s1 | -| C.cpp:27:8:27:11 | *#this [s3] | C.cpp:31:10:31:11 | s3 | -| aliasing.cpp:9:3:9:22 | Chi [m1] | aliasing.cpp:25:17:25:19 | pointerSetter output argument [m1] | -| aliasing.cpp:9:11:9:20 | call to user_input | aliasing.cpp:9:3:9:22 | Chi [m1] | -| aliasing.cpp:13:3:13:21 | Chi [m1] | aliasing.cpp:26:19:26:20 | referenceSetter output argument [m1] | -| aliasing.cpp:13:10:13:19 | call to user_input | aliasing.cpp:13:3:13:21 | Chi [m1] | -| aliasing.cpp:25:17:25:19 | Chi [m1] | aliasing.cpp:29:11:29:12 | m1 | -| aliasing.cpp:25:17:25:19 | pointerSetter output argument [m1] | aliasing.cpp:25:17:25:19 | Chi [m1] | -| aliasing.cpp:26:19:26:20 | Chi [m1] | aliasing.cpp:30:11:30:12 | m1 | -| aliasing.cpp:26:19:26:20 | referenceSetter output argument [m1] | aliasing.cpp:26:19:26:20 | Chi [m1] | -| aliasing.cpp:37:13:37:22 | call to user_input | aliasing.cpp:38:11:38:12 | m1 | -| aliasing.cpp:42:11:42:20 | call to user_input | aliasing.cpp:43:13:43:14 | m1 | -| aliasing.cpp:60:3:60:22 | Chi [m1] | aliasing.cpp:61:13:61:14 | Store [m1] | -| aliasing.cpp:60:11:60:20 | call to user_input | aliasing.cpp:60:3:60:22 | Chi [m1] | -| aliasing.cpp:61:13:61:14 | Store [m1] | aliasing.cpp:62:14:62:15 | m1 | -| aliasing.cpp:79:11:79:20 | call to user_input | aliasing.cpp:80:12:80:13 | m1 | -| aliasing.cpp:86:10:86:19 | call to user_input | aliasing.cpp:87:12:87:13 | m1 | -| aliasing.cpp:92:12:92:21 | call to user_input | aliasing.cpp:93:12:93:13 | m1 | -| aliasing.cpp:98:3:98:21 | Chi [m1] | aliasing.cpp:100:14:100:14 | Store [m1] | -| aliasing.cpp:98:10:98:19 | call to user_input | aliasing.cpp:98:3:98:21 | Chi [m1] | -| aliasing.cpp:100:14:100:14 | Store [m1] | aliasing.cpp:102:8:102:10 | * ... | -| aliasing.cpp:106:3:106:20 | Chi [[]] | aliasing.cpp:121:15:121:16 | taint_a_ptr output argument [[]] | -| aliasing.cpp:106:3:106:20 | Chi [[]] | aliasing.cpp:131:15:131:16 | taint_a_ptr output argument [[]] | -| aliasing.cpp:106:3:106:20 | Chi [[]] | aliasing.cpp:136:15:136:17 | taint_a_ptr output argument [[]] | -| aliasing.cpp:106:3:106:20 | Chi [[]] | aliasing.cpp:175:15:175:22 | taint_a_ptr output argument [[]] | -| aliasing.cpp:106:3:106:20 | Chi [[]] | aliasing.cpp:187:15:187:22 | taint_a_ptr output argument [[]] | -| aliasing.cpp:106:3:106:20 | Chi [[]] | aliasing.cpp:200:15:200:24 | taint_a_ptr output argument [[]] | -| aliasing.cpp:106:9:106:18 | call to user_input | aliasing.cpp:106:3:106:20 | Chi [[]] | -| aliasing.cpp:121:15:121:16 | Chi [[]] | aliasing.cpp:122:8:122:12 | access to array | -| aliasing.cpp:121:15:121:16 | taint_a_ptr output argument [[]] | aliasing.cpp:121:15:121:16 | Chi [[]] | -| aliasing.cpp:131:15:131:16 | Chi [[]] | aliasing.cpp:132:8:132:14 | * ... | -| aliasing.cpp:131:15:131:16 | taint_a_ptr output argument [[]] | aliasing.cpp:131:15:131:16 | Chi [[]] | -| aliasing.cpp:136:15:136:17 | Chi [[]] | aliasing.cpp:137:8:137:11 | * ... | -| aliasing.cpp:136:15:136:17 | taint_a_ptr output argument [[]] | aliasing.cpp:136:15:136:17 | Chi [[]] | -| aliasing.cpp:175:15:175:22 | Chi | aliasing.cpp:175:15:175:22 | Chi [m1] | -| aliasing.cpp:175:15:175:22 | Chi [m1] | aliasing.cpp:176:13:176:14 | m1 | -| aliasing.cpp:175:15:175:22 | taint_a_ptr output argument [[]] | aliasing.cpp:175:15:175:22 | Chi | -| aliasing.cpp:187:15:187:22 | Chi | aliasing.cpp:187:15:187:22 | Chi [m1] | -| aliasing.cpp:187:15:187:22 | Chi [m1] | aliasing.cpp:188:13:188:14 | Store [m1] | -| aliasing.cpp:187:15:187:22 | taint_a_ptr output argument [[]] | aliasing.cpp:187:15:187:22 | Chi | -| aliasing.cpp:188:13:188:14 | Store [m1] | aliasing.cpp:189:15:189:16 | m1 | -| aliasing.cpp:200:15:200:24 | Chi | aliasing.cpp:200:15:200:24 | Chi [m1] | -| aliasing.cpp:200:15:200:24 | Chi [m1] | aliasing.cpp:201:15:201:16 | m1 | -| aliasing.cpp:200:15:200:24 | taint_a_ptr output argument [[]] | aliasing.cpp:200:15:200:24 | Chi | +| A.cpp:151:12:151:24 | b | A.cpp:151:12:151:24 | new [post update] [b] | +| A.cpp:151:12:151:24 | b [post update] [c] | A.cpp:154:10:154:10 | b [read] [c] | +| A.cpp:151:12:151:24 | new [post update] [b, c] | A.cpp:153:10:153:10 | d [read] [b, c] | +| A.cpp:151:12:151:24 | new [post update] [b] | A.cpp:152:10:152:10 | d [read] [b] | +| A.cpp:152:10:152:10 | d [read] [b] | A.cpp:152:13:152:13 | FieldAddress [read] | +| A.cpp:152:13:152:13 | FieldAddress [read] | A.cpp:152:10:152:13 | (void *)... | +| A.cpp:153:10:153:10 | d [read] [b, c] | A.cpp:153:13:153:13 | FieldAddress [read] [c] | +| A.cpp:153:13:153:13 | FieldAddress [read] [c] | A.cpp:153:13:153:13 | b [read] [c] | +| A.cpp:153:13:153:13 | b [read] [c] | A.cpp:153:16:153:16 | FieldAddress [read] | +| A.cpp:153:16:153:16 | FieldAddress [read] | A.cpp:153:10:153:16 | (void *)... | +| A.cpp:154:10:154:10 | b [read] [c] | A.cpp:154:13:154:13 | FieldAddress [read] | +| A.cpp:154:13:154:13 | FieldAddress [read] | A.cpp:154:10:154:13 | (void *)... | +| A.cpp:159:12:159:18 | new | A.cpp:160:18:160:60 | b | +| A.cpp:160:18:160:60 | b | A.cpp:160:18:160:60 | new [post update] [head] | +| A.cpp:160:18:160:60 | b | A.cpp:181:15:181:21 | newHead | +| A.cpp:160:18:160:60 | new [post update] [head] | A.cpp:161:18:161:40 | l1 [head] | +| A.cpp:161:18:161:40 | l1 [head] | A.cpp:161:18:161:40 | new [post update] [next, head] | +| A.cpp:161:18:161:40 | l1 [head] | A.cpp:181:32:181:35 | next [head] | +| A.cpp:161:18:161:40 | new [post update] [next, head] | A.cpp:162:18:162:40 | l2 [next, head] | +| A.cpp:162:18:162:40 | l2 [next, head] | A.cpp:162:18:162:40 | new [post update] [next, next, head] | +| A.cpp:162:18:162:40 | l2 [next, head] | A.cpp:181:32:181:35 | next [next, head] | +| A.cpp:162:18:162:40 | new [post update] [next, next, head] | A.cpp:165:10:165:11 | l3 [read] [next, next, head] | +| A.cpp:162:18:162:40 | new [post update] [next, next, head] | A.cpp:167:44:167:44 | l [read] [next, next, head] | +| A.cpp:165:10:165:11 | l3 [read] [next, next, head] | A.cpp:165:14:165:17 | FieldAddress [read] [next, head] | +| A.cpp:165:14:165:17 | FieldAddress [read] [next, head] | A.cpp:165:14:165:17 | next [read] [next, head] | +| A.cpp:165:14:165:17 | next [read] [next, head] | A.cpp:165:20:165:23 | FieldAddress [read] [head] | +| A.cpp:165:20:165:23 | FieldAddress [read] [head] | A.cpp:165:20:165:23 | next [read] [head] | +| A.cpp:165:20:165:23 | next [read] [head] | A.cpp:165:26:165:29 | FieldAddress [read] | +| A.cpp:165:26:165:29 | FieldAddress [read] | A.cpp:165:10:165:29 | (void *)... | +| A.cpp:167:44:167:44 | l [read] [next, head] | A.cpp:167:47:167:50 | FieldAddress [read] [head] | +| A.cpp:167:44:167:44 | l [read] [next, next, head] | A.cpp:167:47:167:50 | FieldAddress [read] [next, head] | +| A.cpp:167:47:167:50 | FieldAddress [read] [head] | A.cpp:169:12:169:12 | l [read] [head] | +| A.cpp:167:47:167:50 | FieldAddress [read] [next, head] | A.cpp:167:44:167:44 | l [read] [next, head] | +| A.cpp:169:12:169:12 | l [read] [head] | A.cpp:169:15:169:18 | FieldAddress [read] | +| A.cpp:169:15:169:18 | FieldAddress [read] | A.cpp:169:12:169:18 | (void *)... | +| A.cpp:181:15:181:21 | newHead | A.cpp:183:7:183:10 | head [post update] | +| A.cpp:181:32:181:35 | next [head] | A.cpp:184:13:184:16 | next [post update] [head] | +| A.cpp:181:32:181:35 | next [next, head] | A.cpp:184:13:184:16 | next [post update] [next, head] | +| A.cpp:183:7:183:10 | head [post update] | A.cpp:183:7:183:10 | this [post update] [head] | +| A.cpp:184:13:184:16 | next [post update] [head] | A.cpp:184:7:184:10 | this [post update] [next, head] | +| A.cpp:184:13:184:16 | next [post update] [next, head] | A.cpp:184:7:184:10 | this [post update] [next, next, head] | +| B.cpp:6:15:6:24 | new | B.cpp:7:16:7:35 | e | +| B.cpp:7:16:7:35 | e | B.cpp:7:16:7:35 | new [post update] [elem1] | +| B.cpp:7:16:7:35 | e | B.cpp:33:16:33:17 | e1 | +| B.cpp:7:16:7:35 | new [post update] [elem1] | B.cpp:8:16:8:27 | b1 [elem1] | +| B.cpp:8:16:8:27 | b1 [elem1] | B.cpp:8:16:8:27 | new [post update] [box1, elem1] | +| B.cpp:8:16:8:27 | b1 [elem1] | B.cpp:44:16:44:17 | b1 [elem1] | +| B.cpp:8:16:8:27 | new [post update] [box1, elem1] | B.cpp:9:10:9:11 | b2 [read] [box1, elem1] | +| B.cpp:9:10:9:11 | b2 [read] [box1, elem1] | B.cpp:9:14:9:17 | FieldAddress [read] [elem1] | +| B.cpp:9:14:9:17 | FieldAddress [read] [elem1] | B.cpp:9:14:9:17 | box1 [read] [elem1] | +| B.cpp:9:14:9:17 | box1 [read] [elem1] | B.cpp:9:20:9:24 | FieldAddress [read] | +| B.cpp:9:20:9:24 | FieldAddress [read] | B.cpp:9:10:9:24 | (void *)... | +| B.cpp:15:15:15:27 | new | B.cpp:16:16:16:38 | e | +| B.cpp:16:16:16:38 | e | B.cpp:16:16:16:38 | new [post update] [elem2] | +| B.cpp:16:16:16:38 | e | B.cpp:33:26:33:27 | e2 | +| B.cpp:16:16:16:38 | new [post update] [elem2] | B.cpp:17:16:17:27 | b1 [elem2] | +| B.cpp:17:16:17:27 | b1 [elem2] | B.cpp:17:16:17:27 | new [post update] [box1, elem2] | +| B.cpp:17:16:17:27 | b1 [elem2] | B.cpp:44:16:44:17 | b1 [elem2] | +| B.cpp:17:16:17:27 | new [post update] [box1, elem2] | B.cpp:19:10:19:11 | b2 [read] [box1, elem2] | +| B.cpp:19:10:19:11 | b2 [read] [box1, elem2] | B.cpp:19:14:19:17 | FieldAddress [read] [elem2] | +| B.cpp:19:14:19:17 | FieldAddress [read] [elem2] | B.cpp:19:14:19:17 | box1 [read] [elem2] | +| B.cpp:19:14:19:17 | box1 [read] [elem2] | B.cpp:19:20:19:24 | FieldAddress [read] | +| B.cpp:19:20:19:24 | FieldAddress [read] | B.cpp:19:10:19:24 | (void *)... | +| B.cpp:33:16:33:17 | e1 | B.cpp:35:13:35:17 | elem1 [post update] | +| B.cpp:33:26:33:27 | e2 | B.cpp:36:13:36:17 | elem2 [post update] | +| B.cpp:35:13:35:17 | elem1 [post update] | B.cpp:35:7:35:10 | this [post update] [elem1] | +| B.cpp:36:13:36:17 | elem2 [post update] | B.cpp:36:7:36:10 | this [post update] [elem2] | +| B.cpp:44:16:44:17 | b1 [elem1] | B.cpp:46:13:46:16 | box1 [post update] [elem1] | +| B.cpp:44:16:44:17 | b1 [elem2] | B.cpp:46:13:46:16 | box1 [post update] [elem2] | +| B.cpp:46:13:46:16 | box1 [post update] [elem1] | B.cpp:46:7:46:10 | this [post update] [box1, elem1] | +| B.cpp:46:13:46:16 | box1 [post update] [elem2] | B.cpp:46:7:46:10 | this [post update] [box1, elem2] | +| C.cpp:18:12:18:18 | new [post update] [s1] | C.cpp:19:8:19:11 | c [s1] | +| C.cpp:19:8:19:11 | c [s1] | C.cpp:27:8:27:11 | this [s1] | +| C.cpp:22:3:22:3 | this [post update] [s1] | C.cpp:18:12:18:18 | new [post update] [s1] | +| C.cpp:22:9:22:22 | FieldAddress [post update] | C.cpp:22:3:22:3 | this [post update] [s1] | +| C.cpp:22:12:22:21 | new | C.cpp:22:9:22:22 | FieldAddress [post update] | +| C.cpp:27:8:27:11 | this [s1] | C.cpp:29:10:29:11 | this [read] [s1] | +| C.cpp:29:10:29:11 | FieldAddress [read] | C.cpp:29:10:29:11 | s1 | +| C.cpp:29:10:29:11 | this [read] [s1] | C.cpp:29:10:29:11 | FieldAddress [read] | +| D.cpp:10:11:10:17 | this [elem] | D.cpp:10:30:10:33 | this [read] [elem] | +| D.cpp:10:30:10:33 | FieldAddress [read] | D.cpp:10:11:10:17 | ReturnValue | +| D.cpp:10:30:10:33 | this [read] [elem] | D.cpp:10:30:10:33 | FieldAddress [read] | +| D.cpp:11:24:11:24 | e | D.cpp:11:29:11:32 | elem [post update] | +| D.cpp:11:29:11:32 | elem [post update] | D.cpp:11:29:11:32 | this [post update] [elem] | +| D.cpp:17:11:17:17 | this [box, elem] | D.cpp:17:30:17:32 | this [read] [box, elem] | +| D.cpp:17:30:17:32 | FieldAddress [read] [elem] | D.cpp:17:11:17:17 | ReturnValue [elem] | +| D.cpp:17:30:17:32 | this [read] [box, elem] | D.cpp:17:30:17:32 | FieldAddress [read] [elem] | +| D.cpp:21:30:21:31 | b2 [box, elem] | D.cpp:22:14:22:20 | b2 [box, elem] | +| D.cpp:22:14:22:20 | b2 [box, elem] | D.cpp:17:11:17:17 | this [box, elem] | +| D.cpp:22:14:22:20 | b2 [box, elem] | D.cpp:22:14:22:20 | call to getBox1 [elem] | +| D.cpp:22:14:22:20 | call to getBox1 [elem] | D.cpp:22:25:22:31 | call to getBox1 [elem] | +| D.cpp:22:25:22:31 | call to getBox1 [elem] | D.cpp:10:11:10:17 | this [elem] | +| D.cpp:22:25:22:31 | call to getBox1 [elem] | D.cpp:22:25:22:31 | call to getElem | +| D.cpp:22:25:22:31 | call to getBox1 [elem] | D.cpp:22:25:22:31 | call to getElem | +| D.cpp:22:25:22:31 | call to getElem | D.cpp:22:10:22:33 | (void *)... | +| D.cpp:28:15:28:24 | new | D.cpp:30:13:30:16 | elem [post update] | +| D.cpp:30:5:30:5 | b [post update] [box, elem] | D.cpp:31:5:31:12 | b [box, elem] | +| D.cpp:30:8:30:10 | FieldAddress [post update] [elem] | D.cpp:30:5:30:5 | b [post update] [box, elem] | +| D.cpp:30:8:30:10 | box [post update] [elem] | D.cpp:30:8:30:10 | FieldAddress [post update] [elem] | +| D.cpp:30:13:30:16 | elem [post update] | D.cpp:30:8:30:10 | box [post update] [elem] | +| D.cpp:31:5:31:12 | b [box, elem] | D.cpp:21:30:21:31 | b2 [box, elem] | +| D.cpp:35:15:35:24 | new | D.cpp:37:13:37:19 | e | +| D.cpp:37:5:37:5 | b [post update] [box, elem] | D.cpp:38:5:38:12 | b [box, elem] | +| D.cpp:37:8:37:10 | FieldAddress [post update] [elem] | D.cpp:37:5:37:5 | b [post update] [box, elem] | +| D.cpp:37:13:37:19 | box [post update] [elem] | D.cpp:37:8:37:10 | FieldAddress [post update] [elem] | +| D.cpp:37:13:37:19 | e | D.cpp:11:24:11:24 | e | +| D.cpp:37:13:37:19 | e | D.cpp:37:13:37:19 | box [post update] [elem] | +| D.cpp:38:5:38:12 | b [box, elem] | D.cpp:21:30:21:31 | b2 [box, elem] | +| D.cpp:42:15:42:24 | new | D.cpp:44:19:44:22 | elem [post update] | +| D.cpp:44:8:44:14 | b [post update] [box, elem] | D.cpp:45:5:45:12 | b [box, elem] | +| D.cpp:44:8:44:14 | call to getBox1 [post update] [elem] | D.cpp:44:8:44:14 | b [post update] [box, elem] | +| D.cpp:44:19:44:22 | elem [post update] | D.cpp:44:8:44:14 | call to getBox1 [post update] [elem] | +| D.cpp:45:5:45:12 | b [box, elem] | D.cpp:21:30:21:31 | b2 [box, elem] | +| D.cpp:49:15:49:24 | new | D.cpp:51:19:51:25 | e | +| D.cpp:51:8:51:14 | b [post update] [box, elem] | D.cpp:52:5:52:12 | b [box, elem] | +| D.cpp:51:8:51:14 | call to getBox1 [post update] [elem] | D.cpp:51:8:51:14 | b [post update] [box, elem] | +| D.cpp:51:19:51:25 | call to getBox1 [post update] [elem] | D.cpp:51:8:51:14 | call to getBox1 [post update] [elem] | +| D.cpp:51:19:51:25 | e | D.cpp:11:24:11:24 | e | +| D.cpp:51:19:51:25 | e | D.cpp:51:19:51:25 | call to getBox1 [post update] [elem] | +| D.cpp:52:5:52:12 | b [box, elem] | D.cpp:21:30:21:31 | b2 [box, elem] | +| D.cpp:56:15:56:24 | new | D.cpp:58:20:58:23 | elem [post update] | +| D.cpp:58:5:58:12 | FieldAddress [post update] [box, elem] | D.cpp:58:5:58:12 | this [post update] [boxfield, box, elem] | +| D.cpp:58:5:58:12 | boxfield [post update] [box, elem] | D.cpp:58:5:58:12 | FieldAddress [post update] [box, elem] | +| D.cpp:58:5:58:12 | this [post update] [boxfield, box, elem] | D.cpp:59:5:59:7 | this [boxfield, box, elem] | +| D.cpp:58:15:58:17 | FieldAddress [post update] [elem] | D.cpp:58:5:58:12 | boxfield [post update] [box, elem] | +| D.cpp:58:15:58:17 | box [post update] [elem] | D.cpp:58:15:58:17 | FieldAddress [post update] [elem] | +| D.cpp:58:20:58:23 | elem [post update] | D.cpp:58:15:58:17 | box [post update] [elem] | +| D.cpp:59:5:59:7 | this [boxfield, box, elem] | D.cpp:63:8:63:10 | this [boxfield, box, elem] | +| D.cpp:63:8:63:10 | this [boxfield, box, elem] | D.cpp:64:10:64:17 | this [read] [boxfield, box, elem] | +| D.cpp:64:10:64:17 | FieldAddress [read] [box, elem] | D.cpp:64:10:64:17 | boxfield [read] [box, elem] | +| D.cpp:64:10:64:17 | boxfield [read] [box, elem] | D.cpp:64:20:64:22 | FieldAddress [read] [elem] | +| D.cpp:64:10:64:17 | this [read] [boxfield, box, elem] | D.cpp:64:10:64:17 | FieldAddress [read] [box, elem] | +| D.cpp:64:20:64:22 | FieldAddress [read] [elem] | D.cpp:64:20:64:22 | box [read] [elem] | +| D.cpp:64:20:64:22 | box [read] [elem] | D.cpp:64:25:64:28 | FieldAddress [read] | +| D.cpp:64:25:64:28 | FieldAddress [read] | D.cpp:64:10:64:28 | (void *)... | +| E.cpp:19:27:19:27 | *p [data, buffer] | E.cpp:21:10:21:10 | p [read] [data, buffer] | +| E.cpp:21:10:21:10 | p [read] [data, buffer] | E.cpp:21:13:21:16 | data [read] [buffer] | +| E.cpp:21:13:21:16 | data [read] [buffer] | E.cpp:21:18:21:23 | FieldAddress [read] | +| E.cpp:21:18:21:23 | FieldAddress [read] | E.cpp:21:18:21:23 | buffer | +| E.cpp:28:21:28:23 | argument_source output argument | E.cpp:31:10:31:12 | raw | +| E.cpp:29:21:29:21 | b [post update] [buffer] | E.cpp:32:10:32:10 | b [read] [buffer] | +| E.cpp:29:21:29:29 | argument_source output argument | E.cpp:29:24:29:29 | FieldAddress [post update] | +| E.cpp:29:24:29:29 | FieldAddress [post update] | E.cpp:29:21:29:21 | b [post update] [buffer] | +| E.cpp:30:21:30:21 | p [post update] [data, buffer] | E.cpp:33:18:33:19 | & ... indirection [data, buffer] | +| E.cpp:30:21:30:33 | argument_source output argument | E.cpp:30:28:30:33 | FieldAddress [post update] | +| E.cpp:30:23:30:26 | data [post update] [buffer] | E.cpp:30:21:30:21 | p [post update] [data, buffer] | +| E.cpp:30:28:30:33 | FieldAddress [post update] | E.cpp:30:23:30:26 | data [post update] [buffer] | +| E.cpp:32:10:32:10 | b [read] [buffer] | E.cpp:32:13:32:18 | FieldAddress [read] | +| E.cpp:32:13:32:18 | FieldAddress [read] | E.cpp:32:13:32:18 | buffer | +| E.cpp:33:18:33:19 | & ... indirection [data, buffer] | E.cpp:19:27:19:27 | *p [data, buffer] | +| aliasing.cpp:9:3:9:3 | s [post update] [m1] | aliasing.cpp:25:3:25:15 | & ... [post update] [m1] | +| aliasing.cpp:9:6:9:7 | m1 [post update] | aliasing.cpp:9:3:9:3 | s [post update] [m1] | +| aliasing.cpp:9:11:9:20 | call to user_input | aliasing.cpp:9:6:9:7 | m1 [post update] | +| aliasing.cpp:13:3:13:3 | (reference dereference) [post update] [m1] | aliasing.cpp:13:3:13:3 | s [post update] [m1] | +| aliasing.cpp:13:3:13:3 | (reference dereference) [post update] [m1] | aliasing.cpp:26:3:26:17 | s2 [post update] [m1] | +| aliasing.cpp:13:3:13:3 | s [post update] [m1] | aliasing.cpp:26:3:26:17 | s2 [post update] [m1] | +| aliasing.cpp:13:5:13:6 | m1 [post update] | aliasing.cpp:13:3:13:3 | (reference dereference) [post update] [m1] | +| aliasing.cpp:13:10:13:19 | call to user_input | aliasing.cpp:13:5:13:6 | m1 [post update] | +| aliasing.cpp:25:3:25:15 | & ... [post update] [m1] | aliasing.cpp:29:8:29:9 | s1 [read] [m1] | +| aliasing.cpp:26:3:26:17 | s2 [post update] [m1] | aliasing.cpp:30:8:30:9 | s2 [read] [m1] | +| aliasing.cpp:29:8:29:9 | s1 [read] [m1] | aliasing.cpp:29:11:29:12 | FieldAddress [read] | +| aliasing.cpp:29:11:29:12 | FieldAddress [read] | aliasing.cpp:29:11:29:12 | m1 | +| aliasing.cpp:30:8:30:9 | s2 [read] [m1] | aliasing.cpp:30:11:30:12 | FieldAddress [read] | +| aliasing.cpp:30:11:30:12 | FieldAddress [read] | aliasing.cpp:30:11:30:12 | m1 | +| aliasing.cpp:60:3:60:4 | s2 [post update] [m1] | aliasing.cpp:62:8:62:12 | copy2 [read] [m1] | +| aliasing.cpp:60:6:60:7 | m1 [post update] | aliasing.cpp:60:3:60:4 | s2 [post update] [m1] | +| aliasing.cpp:60:11:60:20 | call to user_input | aliasing.cpp:60:6:60:7 | m1 [post update] | +| aliasing.cpp:62:8:62:12 | copy2 [read] [m1] | aliasing.cpp:62:14:62:15 | FieldAddress [read] | +| aliasing.cpp:62:14:62:15 | FieldAddress [read] | aliasing.cpp:62:14:62:15 | m1 | +| aliasing.cpp:92:3:92:3 | w [post update] [s, m1] | aliasing.cpp:93:8:93:8 | w [read] [s, m1] | +| aliasing.cpp:92:5:92:5 | s [post update] [m1] | aliasing.cpp:92:3:92:3 | w [post update] [s, m1] | +| aliasing.cpp:92:7:92:8 | m1 [post update] | aliasing.cpp:92:5:92:5 | s [post update] [m1] | +| aliasing.cpp:92:12:92:21 | call to user_input | aliasing.cpp:92:7:92:8 | m1 [post update] | +| aliasing.cpp:93:8:93:8 | w [read] [s, m1] | aliasing.cpp:93:10:93:10 | s [read] [m1] | +| aliasing.cpp:93:10:93:10 | s [read] [m1] | aliasing.cpp:93:12:93:13 | FieldAddress [read] | +| aliasing.cpp:93:12:93:13 | FieldAddress [read] | aliasing.cpp:93:12:93:13 | m1 | +| aliasing.cpp:106:3:106:5 | * ... [post update] | aliasing.cpp:141:3:141:13 | data [post update] | +| aliasing.cpp:106:3:106:5 | * ... [post update] | aliasing.cpp:158:3:158:13 | data [post update] | +| aliasing.cpp:106:3:106:5 | * ... [post update] | aliasing.cpp:164:3:164:13 | data [post update] | +| aliasing.cpp:106:3:106:5 | * ... [post update] | aliasing.cpp:175:3:175:13 | & ... [post update] | +| aliasing.cpp:106:3:106:5 | * ... [post update] | aliasing.cpp:187:3:187:13 | & ... [post update] | +| aliasing.cpp:106:3:106:5 | * ... [post update] | aliasing.cpp:200:3:200:13 | & ... [post update] | +| aliasing.cpp:106:4:106:5 | pa [post update] | aliasing.cpp:141:3:141:13 | data [post update] | +| aliasing.cpp:106:4:106:5 | pa [post update] | aliasing.cpp:158:3:158:13 | data [post update] | +| aliasing.cpp:106:4:106:5 | pa [post update] | aliasing.cpp:164:3:164:13 | data [post update] | +| aliasing.cpp:106:4:106:5 | pa [post update] | aliasing.cpp:175:3:175:13 | & ... [post update] | +| aliasing.cpp:106:4:106:5 | pa [post update] | aliasing.cpp:187:3:187:13 | & ... [post update] | +| aliasing.cpp:106:4:106:5 | pa [post update] | aliasing.cpp:200:3:200:13 | & ... [post update] | +| aliasing.cpp:106:9:106:18 | call to user_input | aliasing.cpp:106:3:106:5 | * ... [post update] | +| aliasing.cpp:106:9:106:18 | call to user_input | aliasing.cpp:106:4:106:5 | pa [post update] | +| aliasing.cpp:141:3:141:13 | data [post update] | aliasing.cpp:141:17:141:20 | FieldAddress [post update] | +| aliasing.cpp:141:15:141:15 | s [post update] [data] | aliasing.cpp:143:8:143:8 | s [read] [data] | +| aliasing.cpp:141:17:141:20 | FieldAddress [post update] | aliasing.cpp:141:15:141:15 | s [post update] [data] | +| aliasing.cpp:143:8:143:8 | s [read] [data] | aliasing.cpp:143:10:143:13 | FieldAddress [read] | +| aliasing.cpp:143:10:143:13 | FieldAddress [read] | aliasing.cpp:143:8:143:16 | access to array | +| aliasing.cpp:158:3:158:13 | data [post update] | aliasing.cpp:158:17:158:20 | data [post update] | +| aliasing.cpp:158:15:158:15 | s [post update] [data] | aliasing.cpp:159:9:159:9 | s [read] [data] | +| aliasing.cpp:158:17:158:20 | data [post update] | aliasing.cpp:158:15:158:15 | s [post update] [data] | +| aliasing.cpp:159:9:159:9 | s [read] [data] | aliasing.cpp:159:11:159:14 | data [read] | +| aliasing.cpp:159:11:159:14 | data [read] | aliasing.cpp:159:8:159:14 | * ... | +| aliasing.cpp:164:3:164:13 | data [post update] | aliasing.cpp:164:17:164:20 | data [post update] | +| aliasing.cpp:164:15:164:15 | s [post update] [data] | aliasing.cpp:165:8:165:8 | s [read] [data] | +| aliasing.cpp:164:17:164:20 | data [post update] | aliasing.cpp:164:15:164:15 | s [post update] [data] | +| aliasing.cpp:165:8:165:8 | s [read] [data] | aliasing.cpp:165:10:165:13 | data [read] | +| aliasing.cpp:165:10:165:13 | data [read] | aliasing.cpp:165:8:165:16 | access to array | +| aliasing.cpp:175:3:175:13 | & ... [post update] | aliasing.cpp:175:21:175:22 | m1 [post update] | +| aliasing.cpp:175:16:175:17 | s2 [post update] [s, m1] | aliasing.cpp:176:8:176:9 | s2 [read] [s, m1] | +| aliasing.cpp:175:19:175:19 | s [post update] [m1] | aliasing.cpp:175:16:175:17 | s2 [post update] [s, m1] | +| aliasing.cpp:175:21:175:22 | m1 [post update] | aliasing.cpp:175:19:175:19 | s [post update] [m1] | +| aliasing.cpp:176:8:176:9 | s2 [read] [s, m1] | aliasing.cpp:176:11:176:11 | s [read] [m1] | +| aliasing.cpp:176:11:176:11 | s [read] [m1] | aliasing.cpp:176:13:176:14 | FieldAddress [read] | +| aliasing.cpp:176:13:176:14 | FieldAddress [read] | aliasing.cpp:176:13:176:14 | m1 | +| aliasing.cpp:187:3:187:13 | & ... [post update] | aliasing.cpp:187:21:187:22 | m1 [post update] | +| aliasing.cpp:187:16:187:17 | s2 [post update] [s, m1] | aliasing.cpp:189:8:189:11 | s2_2 [read] [s, m1] | +| aliasing.cpp:187:19:187:19 | s [post update] [m1] | aliasing.cpp:187:16:187:17 | s2 [post update] [s, m1] | +| aliasing.cpp:187:21:187:22 | m1 [post update] | aliasing.cpp:187:19:187:19 | s [post update] [m1] | +| aliasing.cpp:189:8:189:11 | s2_2 [read] [s, m1] | aliasing.cpp:189:13:189:13 | s [read] [m1] | +| aliasing.cpp:189:13:189:13 | s [read] [m1] | aliasing.cpp:189:15:189:16 | FieldAddress [read] | +| aliasing.cpp:189:15:189:16 | FieldAddress [read] | aliasing.cpp:189:15:189:16 | m1 | +| aliasing.cpp:200:3:200:13 | & ... [post update] | aliasing.cpp:200:23:200:24 | m1 [post update] | +| aliasing.cpp:200:16:200:18 | ps2 [post update] [s, m1] | aliasing.cpp:201:8:201:10 | ps2 [read] [s, m1] | +| aliasing.cpp:200:21:200:21 | s [post update] [m1] | aliasing.cpp:200:16:200:18 | ps2 [post update] [s, m1] | +| aliasing.cpp:200:23:200:24 | m1 [post update] | aliasing.cpp:200:21:200:21 | s [post update] [m1] | +| aliasing.cpp:201:8:201:10 | ps2 [read] [s, m1] | aliasing.cpp:201:13:201:13 | s [read] [m1] | +| aliasing.cpp:201:13:201:13 | s [read] [m1] | aliasing.cpp:201:15:201:16 | FieldAddress [read] | +| aliasing.cpp:201:15:201:16 | FieldAddress [read] | aliasing.cpp:201:15:201:16 | m1 | | arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:7:8:7:13 | access to array | +| arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:8:8:8:13 | access to array | | arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:9:8:9:11 | * ... | | arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:10:8:10:15 | * ... | | arrays.cpp:15:14:15:23 | call to user_input | arrays.cpp:16:8:16:13 | access to array | -| arrays.cpp:36:26:36:35 | call to user_input | arrays.cpp:37:24:37:27 | data | -| by_reference.cpp:11:48:11:52 | value | by_reference.cpp:12:5:12:16 | Chi [a] | -| by_reference.cpp:15:26:15:30 | value | by_reference.cpp:16:5:16:19 | Chi [a] | +| arrays.cpp:15:14:15:23 | call to user_input | arrays.cpp:17:8:17:13 | access to array | +| arrays.cpp:36:3:36:3 | o [post update] [nested, arr, data] | arrays.cpp:37:8:37:8 | o [read] [nested, arr, data] | +| arrays.cpp:36:3:36:3 | o [post update] [nested, arr, data] | arrays.cpp:38:8:38:8 | o [read] [nested, arr, data] | +| arrays.cpp:36:3:36:17 | access to array [post update] [data] | arrays.cpp:36:12:36:14 | arr [post update] [data] | +| arrays.cpp:36:5:36:10 | nested [post update] [arr, data] | arrays.cpp:36:3:36:3 | o [post update] [nested, arr, data] | +| arrays.cpp:36:12:36:14 | arr [post update] [data] | arrays.cpp:36:5:36:10 | nested [post update] [arr, data] | +| arrays.cpp:36:19:36:22 | data [post update] | arrays.cpp:36:3:36:17 | access to array [post update] [data] | +| arrays.cpp:36:26:36:35 | call to user_input | arrays.cpp:36:19:36:22 | data [post update] | +| arrays.cpp:37:8:37:8 | o [read] [nested, arr, data] | arrays.cpp:37:10:37:15 | nested [read] [arr, data] | +| arrays.cpp:37:8:37:22 | access to array [read] [data] | arrays.cpp:37:24:37:27 | FieldAddress [read] | +| arrays.cpp:37:10:37:15 | nested [read] [arr, data] | arrays.cpp:37:17:37:19 | arr [read] [data] | +| arrays.cpp:37:17:37:19 | arr [read] [data] | arrays.cpp:37:8:37:22 | access to array [read] [data] | +| arrays.cpp:37:24:37:27 | FieldAddress [read] | arrays.cpp:37:24:37:27 | data | +| arrays.cpp:38:8:38:8 | o [read] [nested, arr, data] | arrays.cpp:38:10:38:15 | nested [read] [arr, data] | +| arrays.cpp:38:8:38:22 | access to array [read] [data] | arrays.cpp:38:24:38:27 | FieldAddress [read] | +| arrays.cpp:38:10:38:15 | nested [read] [arr, data] | arrays.cpp:38:17:38:19 | arr [read] [data] | +| arrays.cpp:38:17:38:19 | arr [read] [data] | arrays.cpp:38:8:38:22 | access to array [read] [data] | +| arrays.cpp:38:24:38:27 | FieldAddress [read] | arrays.cpp:38:24:38:27 | data | +| arrays.cpp:42:3:42:3 | o [post update] [indirect, arr, data] | arrays.cpp:43:8:43:8 | o [read] [indirect, arr, data] | +| arrays.cpp:42:3:42:3 | o [post update] [indirect, arr, data] | arrays.cpp:44:8:44:8 | o [read] [indirect, arr, data] | +| arrays.cpp:42:3:42:20 | access to array [post update] [data] | arrays.cpp:42:15:42:17 | arr [post update] [data] | +| arrays.cpp:42:5:42:12 | FieldAddress [post update] [arr, data] | arrays.cpp:42:3:42:3 | o [post update] [indirect, arr, data] | +| arrays.cpp:42:5:42:12 | indirect [post update] [arr, data] | arrays.cpp:42:5:42:12 | FieldAddress [post update] [arr, data] | +| arrays.cpp:42:15:42:17 | arr [post update] [data] | arrays.cpp:42:5:42:12 | indirect [post update] [arr, data] | +| arrays.cpp:42:22:42:25 | data [post update] | arrays.cpp:42:3:42:20 | access to array [post update] [data] | +| arrays.cpp:42:29:42:38 | call to user_input | arrays.cpp:42:22:42:25 | data [post update] | +| arrays.cpp:43:8:43:8 | o [read] [indirect, arr, data] | arrays.cpp:43:10:43:17 | FieldAddress [read] [arr, data] | +| arrays.cpp:43:8:43:25 | access to array [read] [data] | arrays.cpp:43:27:43:30 | FieldAddress [read] | +| arrays.cpp:43:10:43:17 | FieldAddress [read] [arr, data] | arrays.cpp:43:10:43:17 | indirect [read] [arr, data] | +| arrays.cpp:43:10:43:17 | indirect [read] [arr, data] | arrays.cpp:43:20:43:22 | arr [read] [data] | +| arrays.cpp:43:20:43:22 | arr [read] [data] | arrays.cpp:43:8:43:25 | access to array [read] [data] | +| arrays.cpp:43:27:43:30 | FieldAddress [read] | arrays.cpp:43:27:43:30 | data | +| arrays.cpp:44:8:44:8 | o [read] [indirect, arr, data] | arrays.cpp:44:10:44:17 | FieldAddress [read] [arr, data] | +| arrays.cpp:44:8:44:25 | access to array [read] [data] | arrays.cpp:44:27:44:30 | FieldAddress [read] | +| arrays.cpp:44:10:44:17 | FieldAddress [read] [arr, data] | arrays.cpp:44:10:44:17 | indirect [read] [arr, data] | +| arrays.cpp:44:10:44:17 | indirect [read] [arr, data] | arrays.cpp:44:20:44:22 | arr [read] [data] | +| arrays.cpp:44:20:44:22 | arr [read] [data] | arrays.cpp:44:8:44:25 | access to array [read] [data] | +| arrays.cpp:44:27:44:30 | FieldAddress [read] | arrays.cpp:44:27:44:30 | data | +| arrays.cpp:48:3:48:3 | o [post update] [indirect, ptr, data] | arrays.cpp:49:8:49:8 | o [read] [indirect, ptr, data] | +| arrays.cpp:48:3:48:3 | o [post update] [indirect, ptr, data] | arrays.cpp:50:8:50:8 | o [read] [indirect, ptr, data] | +| arrays.cpp:48:3:48:20 | access to array [post update] [data] | arrays.cpp:48:15:48:17 | FieldAddress [post update] [data] | +| arrays.cpp:48:5:48:12 | FieldAddress [post update] [ptr, data] | arrays.cpp:48:3:48:3 | o [post update] [indirect, ptr, data] | +| arrays.cpp:48:5:48:12 | indirect [post update] [ptr, data] | arrays.cpp:48:5:48:12 | FieldAddress [post update] [ptr, data] | +| arrays.cpp:48:15:48:17 | FieldAddress [post update] [data] | arrays.cpp:48:5:48:12 | indirect [post update] [ptr, data] | +| arrays.cpp:48:22:48:25 | data [post update] | arrays.cpp:48:3:48:20 | access to array [post update] [data] | +| arrays.cpp:48:29:48:38 | call to user_input | arrays.cpp:48:22:48:25 | data [post update] | +| arrays.cpp:49:8:49:8 | o [read] [indirect, ptr, data] | arrays.cpp:49:10:49:17 | FieldAddress [read] [ptr, data] | +| arrays.cpp:49:8:49:25 | access to array [read] [data] | arrays.cpp:49:27:49:30 | FieldAddress [read] | +| arrays.cpp:49:10:49:17 | FieldAddress [read] [ptr, data] | arrays.cpp:49:10:49:17 | indirect [read] [ptr, data] | +| arrays.cpp:49:10:49:17 | indirect [read] [ptr, data] | arrays.cpp:49:20:49:22 | FieldAddress [read] [data] | +| arrays.cpp:49:20:49:22 | FieldAddress [read] [data] | arrays.cpp:49:8:49:25 | access to array [read] [data] | +| arrays.cpp:49:27:49:30 | FieldAddress [read] | arrays.cpp:49:27:49:30 | data | +| arrays.cpp:50:8:50:8 | o [read] [indirect, ptr, data] | arrays.cpp:50:10:50:17 | FieldAddress [read] [ptr, data] | +| arrays.cpp:50:8:50:25 | access to array [read] [data] | arrays.cpp:50:27:50:30 | FieldAddress [read] | +| arrays.cpp:50:10:50:17 | FieldAddress [read] [ptr, data] | arrays.cpp:50:10:50:17 | indirect [read] [ptr, data] | +| arrays.cpp:50:10:50:17 | indirect [read] [ptr, data] | arrays.cpp:50:20:50:22 | FieldAddress [read] [data] | +| arrays.cpp:50:20:50:22 | FieldAddress [read] [data] | arrays.cpp:50:8:50:25 | access to array [read] [data] | +| arrays.cpp:50:27:50:30 | FieldAddress [read] | arrays.cpp:50:27:50:30 | data | +| by_reference.cpp:11:48:11:52 | value | by_reference.cpp:12:8:12:8 | a [post update] | +| by_reference.cpp:12:8:12:8 | a [post update] | by_reference.cpp:12:5:12:5 | s [post update] [a] | +| by_reference.cpp:15:26:15:30 | value | by_reference.cpp:16:11:16:11 | a [post update] | +| by_reference.cpp:16:11:16:11 | a [post update] | by_reference.cpp:16:5:16:8 | this [post update] [a] | | by_reference.cpp:19:28:19:32 | value | by_reference.cpp:20:11:20:21 | value | -| by_reference.cpp:20:5:20:8 | setDirectly output argument [a] | by_reference.cpp:20:5:20:8 | Chi [a] | +| by_reference.cpp:20:11:20:21 | this [post update] [a] | by_reference.cpp:20:5:20:8 | this [post update] [a] | | by_reference.cpp:20:11:20:21 | value | by_reference.cpp:15:26:15:30 | value | -| by_reference.cpp:20:11:20:21 | value | by_reference.cpp:20:5:20:8 | setDirectly output argument [a] | +| by_reference.cpp:20:11:20:21 | value | by_reference.cpp:20:11:20:21 | this [post update] [a] | | by_reference.cpp:23:34:23:38 | value | by_reference.cpp:24:5:24:17 | value | +| by_reference.cpp:24:5:24:17 | this [post update] [a] | by_reference.cpp:24:19:24:22 | this [post update] [a] | | by_reference.cpp:24:5:24:17 | value | by_reference.cpp:11:48:11:52 | value | -| by_reference.cpp:24:5:24:17 | value | by_reference.cpp:24:19:24:22 | nonMemberSetA output argument [a] | -| by_reference.cpp:24:19:24:22 | nonMemberSetA output argument [a] | by_reference.cpp:24:19:24:22 | Chi [a] | -| by_reference.cpp:31:46:31:46 | *s [a] | by_reference.cpp:32:15:32:15 | Store | -| by_reference.cpp:35:9:35:19 | *#this [a] | by_reference.cpp:36:18:36:18 | Store | -| by_reference.cpp:39:9:39:21 | *#this [a] | by_reference.cpp:40:12:40:15 | this indirection [a] | -| by_reference.cpp:40:12:40:15 | this indirection [a] | by_reference.cpp:35:9:35:19 | *#this [a] | -| by_reference.cpp:40:12:40:15 | this indirection [a] | by_reference.cpp:40:18:40:28 | call to getDirectly | -| by_reference.cpp:40:18:40:28 | call to getDirectly | by_reference.cpp:40:18:40:28 | Store | -| by_reference.cpp:43:9:43:27 | *#this [a] | by_reference.cpp:44:26:44:29 | this indirection [a] | -| by_reference.cpp:44:12:44:24 | call to nonMemberGetA | by_reference.cpp:44:12:44:24 | Store | -| by_reference.cpp:44:26:44:29 | this indirection [a] | by_reference.cpp:31:46:31:46 | *s [a] | -| by_reference.cpp:44:26:44:29 | this indirection [a] | by_reference.cpp:44:12:44:24 | call to nonMemberGetA | -| by_reference.cpp:50:3:50:3 | setDirectly output argument [a] | by_reference.cpp:51:8:51:8 | s indirection [a] | +| by_reference.cpp:24:5:24:17 | value | by_reference.cpp:24:5:24:17 | this [post update] [a] | +| by_reference.cpp:31:46:31:46 | *s [a] | by_reference.cpp:32:12:32:12 | s [read] [a] | +| by_reference.cpp:31:46:31:46 | s [a] | by_reference.cpp:32:12:32:12 | s [read] [a] | +| by_reference.cpp:32:12:32:12 | s [read] [a] | by_reference.cpp:32:15:32:15 | FieldAddress [read] | +| by_reference.cpp:32:12:32:12 | s [read] [a] | by_reference.cpp:32:15:32:15 | FieldAddress [read] | +| by_reference.cpp:32:15:32:15 | FieldAddress [read] | by_reference.cpp:31:16:31:28 | ReturnValue | +| by_reference.cpp:32:15:32:15 | FieldAddress [read] | by_reference.cpp:31:16:31:28 | ReturnValue | +| by_reference.cpp:35:9:35:19 | *#this [a] | by_reference.cpp:36:12:36:15 | this [read] [a] | +| by_reference.cpp:35:9:35:19 | this [a] | by_reference.cpp:36:12:36:15 | this [read] [a] | +| by_reference.cpp:36:12:36:15 | this [read] [a] | by_reference.cpp:36:18:36:18 | FieldAddress [read] | +| by_reference.cpp:36:12:36:15 | this [read] [a] | by_reference.cpp:36:18:36:18 | FieldAddress [read] | +| by_reference.cpp:36:18:36:18 | FieldAddress [read] | by_reference.cpp:35:9:35:19 | ReturnValue | +| by_reference.cpp:36:18:36:18 | FieldAddress [read] | by_reference.cpp:35:9:35:19 | ReturnValue | +| by_reference.cpp:39:9:39:21 | *#this [a] | by_reference.cpp:40:18:40:28 | this [a] | +| by_reference.cpp:40:18:40:28 | call to getDirectly | by_reference.cpp:39:9:39:21 | ReturnValue | +| by_reference.cpp:40:18:40:28 | this [a] | by_reference.cpp:35:9:35:19 | this [a] | +| by_reference.cpp:40:18:40:28 | this [a] | by_reference.cpp:40:18:40:28 | call to getDirectly | +| by_reference.cpp:43:9:43:27 | *#this [a] | by_reference.cpp:44:12:44:24 | this [a] | +| by_reference.cpp:44:12:44:24 | call to nonMemberGetA | by_reference.cpp:43:9:43:27 | ReturnValue | +| by_reference.cpp:44:12:44:24 | this [a] | by_reference.cpp:31:46:31:46 | s [a] | +| by_reference.cpp:44:12:44:24 | this [a] | by_reference.cpp:44:12:44:24 | call to nonMemberGetA | | by_reference.cpp:50:5:50:15 | call to user_input | by_reference.cpp:15:26:15:30 | value | -| by_reference.cpp:50:5:50:15 | call to user_input | by_reference.cpp:50:3:50:3 | setDirectly output argument [a] | +| by_reference.cpp:50:5:50:15 | call to user_input | by_reference.cpp:50:5:50:15 | s [post update] [a] | +| by_reference.cpp:50:5:50:15 | s [post update] [a] | by_reference.cpp:51:8:51:8 | s indirection [a] | | by_reference.cpp:50:17:50:26 | call to user_input | by_reference.cpp:50:5:50:15 | call to user_input | | by_reference.cpp:51:8:51:8 | s indirection [a] | by_reference.cpp:35:9:35:19 | *#this [a] | | by_reference.cpp:51:8:51:8 | s indirection [a] | by_reference.cpp:51:10:51:20 | call to getDirectly | -| by_reference.cpp:56:3:56:3 | setIndirectly output argument [a] | by_reference.cpp:57:8:57:8 | s indirection [a] | | by_reference.cpp:56:5:56:17 | call to user_input | by_reference.cpp:19:28:19:32 | value | -| by_reference.cpp:56:5:56:17 | call to user_input | by_reference.cpp:56:3:56:3 | setIndirectly output argument [a] | +| by_reference.cpp:56:5:56:17 | call to user_input | by_reference.cpp:56:5:56:17 | s [post update] [a] | +| by_reference.cpp:56:5:56:17 | s [post update] [a] | by_reference.cpp:57:8:57:8 | s indirection [a] | | by_reference.cpp:56:19:56:28 | call to user_input | by_reference.cpp:56:5:56:17 | call to user_input | | by_reference.cpp:57:8:57:8 | s indirection [a] | by_reference.cpp:39:9:39:21 | *#this [a] | | by_reference.cpp:57:8:57:8 | s indirection [a] | by_reference.cpp:57:10:57:22 | call to getIndirectly | -| by_reference.cpp:62:3:62:3 | setThroughNonMember output argument [a] | by_reference.cpp:63:8:63:8 | s indirection [a] | | by_reference.cpp:62:5:62:23 | call to user_input | by_reference.cpp:23:34:23:38 | value | -| by_reference.cpp:62:5:62:23 | call to user_input | by_reference.cpp:62:3:62:3 | setThroughNonMember output argument [a] | +| by_reference.cpp:62:5:62:23 | call to user_input | by_reference.cpp:62:5:62:23 | s [post update] [a] | +| by_reference.cpp:62:5:62:23 | s [post update] [a] | by_reference.cpp:63:8:63:8 | s indirection [a] | | by_reference.cpp:62:25:62:34 | call to user_input | by_reference.cpp:62:5:62:23 | call to user_input | | by_reference.cpp:63:8:63:8 | s indirection [a] | by_reference.cpp:43:9:43:27 | *#this [a] | | by_reference.cpp:63:8:63:8 | s indirection [a] | by_reference.cpp:63:10:63:28 | call to getThroughNonMember | +| by_reference.cpp:68:3:68:15 | & ... [post update] [a] | by_reference.cpp:69:22:69:23 | & ... indirection [a] | | by_reference.cpp:68:3:68:15 | call to user_input | by_reference.cpp:11:48:11:52 | value | -| by_reference.cpp:68:3:68:15 | call to user_input | by_reference.cpp:68:17:68:18 | nonMemberSetA output argument [a] | -| by_reference.cpp:68:17:68:18 | nonMemberSetA output argument [a] | by_reference.cpp:69:22:69:23 | & ... indirection [a] | +| by_reference.cpp:68:3:68:15 | call to user_input | by_reference.cpp:68:3:68:15 | & ... [post update] [a] | | by_reference.cpp:68:21:68:30 | call to user_input | by_reference.cpp:68:3:68:15 | call to user_input | | by_reference.cpp:69:22:69:23 | & ... indirection [a] | by_reference.cpp:31:46:31:46 | *s [a] | | by_reference.cpp:69:22:69:23 | & ... indirection [a] | by_reference.cpp:69:8:69:20 | call to nonMemberGetA | -| by_reference.cpp:84:3:84:25 | Chi [a] | by_reference.cpp:102:21:102:39 | taint_inner_a_ptr output argument [a] | -| by_reference.cpp:84:3:84:25 | Chi [a] | by_reference.cpp:106:21:106:41 | taint_inner_a_ptr output argument [a] | -| by_reference.cpp:84:14:84:23 | call to user_input | by_reference.cpp:84:3:84:25 | Chi [a] | -| by_reference.cpp:88:3:88:24 | Chi [a] | by_reference.cpp:122:21:122:38 | taint_inner_a_ref output argument [a] | -| by_reference.cpp:88:3:88:24 | Chi [a] | by_reference.cpp:126:21:126:40 | taint_inner_a_ref output argument [a] | -| by_reference.cpp:88:13:88:22 | call to user_input | by_reference.cpp:88:3:88:24 | Chi [a] | -| by_reference.cpp:92:3:92:20 | Chi [[]] | by_reference.cpp:104:15:104:22 | taint_a_ptr output argument [[]] | -| by_reference.cpp:92:3:92:20 | Chi [[]] | by_reference.cpp:108:15:108:24 | taint_a_ptr output argument [[]] | -| by_reference.cpp:92:9:92:18 | call to user_input | by_reference.cpp:92:3:92:20 | Chi [[]] | -| by_reference.cpp:96:3:96:19 | Chi [[]] | by_reference.cpp:124:15:124:21 | taint_a_ref output argument [[]] | -| by_reference.cpp:96:3:96:19 | Chi [[]] | by_reference.cpp:128:15:128:23 | taint_a_ref output argument [[]] | -| by_reference.cpp:96:8:96:17 | call to user_input | by_reference.cpp:96:3:96:19 | Chi [[]] | -| by_reference.cpp:102:21:102:39 | Chi [a] | by_reference.cpp:110:27:110:27 | a | -| by_reference.cpp:102:21:102:39 | taint_inner_a_ptr output argument [a] | by_reference.cpp:102:21:102:39 | Chi [a] | -| by_reference.cpp:104:15:104:22 | Chi | by_reference.cpp:104:15:104:22 | Chi [a] | -| by_reference.cpp:104:15:104:22 | Chi [a] | by_reference.cpp:112:14:112:14 | a | -| by_reference.cpp:104:15:104:22 | taint_a_ptr output argument [[]] | by_reference.cpp:104:15:104:22 | Chi | -| by_reference.cpp:106:21:106:41 | Chi [a] | by_reference.cpp:114:29:114:29 | a | -| by_reference.cpp:106:21:106:41 | taint_inner_a_ptr output argument [a] | by_reference.cpp:106:21:106:41 | Chi [a] | -| by_reference.cpp:108:15:108:24 | Chi | by_reference.cpp:108:15:108:24 | Chi [a] | -| by_reference.cpp:108:15:108:24 | Chi [a] | by_reference.cpp:116:16:116:16 | a | -| by_reference.cpp:108:15:108:24 | taint_a_ptr output argument [[]] | by_reference.cpp:108:15:108:24 | Chi | -| by_reference.cpp:122:21:122:38 | Chi [a] | by_reference.cpp:130:27:130:27 | a | -| by_reference.cpp:122:21:122:38 | taint_inner_a_ref output argument [a] | by_reference.cpp:122:21:122:38 | Chi [a] | -| by_reference.cpp:124:15:124:21 | Chi | by_reference.cpp:124:15:124:21 | Chi [a] | -| by_reference.cpp:124:15:124:21 | Chi [a] | by_reference.cpp:132:14:132:14 | a | -| by_reference.cpp:124:15:124:21 | taint_a_ref output argument [[]] | by_reference.cpp:124:15:124:21 | Chi | -| by_reference.cpp:126:21:126:40 | Chi [a] | by_reference.cpp:134:29:134:29 | a | -| by_reference.cpp:126:21:126:40 | taint_inner_a_ref output argument [a] | by_reference.cpp:126:21:126:40 | Chi [a] | -| by_reference.cpp:128:15:128:23 | Chi | by_reference.cpp:128:15:128:23 | Chi [a] | -| by_reference.cpp:128:15:128:23 | Chi [a] | by_reference.cpp:136:16:136:16 | a | -| by_reference.cpp:128:15:128:23 | taint_a_ref output argument [[]] | by_reference.cpp:128:15:128:23 | Chi | -| complex.cpp:9:7:9:7 | *#this [a_] | complex.cpp:9:20:9:21 | Store | -| complex.cpp:10:7:10:7 | *#this [b_] | complex.cpp:10:20:10:21 | Store | -| complex.cpp:11:17:11:17 | a | complex.cpp:11:22:11:27 | Chi [a_] | -| complex.cpp:12:8:12:11 | *#this [a_] | complex.cpp:12:22:12:27 | Chi [a_] | -| complex.cpp:12:17:12:17 | b | complex.cpp:12:22:12:27 | Chi [b_] | -| complex.cpp:40:17:40:17 | *b [a_] | complex.cpp:42:16:42:16 | f indirection [a_] | -| complex.cpp:40:17:40:17 | *b [b_] | complex.cpp:42:16:42:16 | f indirection [b_] | -| complex.cpp:40:17:40:17 | *b [b_] | complex.cpp:43:16:43:16 | f indirection [b_] | -| complex.cpp:42:16:42:16 | a output argument [b_] | complex.cpp:43:16:43:16 | f indirection [b_] | -| complex.cpp:42:16:42:16 | f indirection [a_] | complex.cpp:9:7:9:7 | *#this [a_] | -| complex.cpp:42:16:42:16 | f indirection [a_] | complex.cpp:42:18:42:18 | call to a | -| complex.cpp:42:16:42:16 | f indirection [b_] | complex.cpp:9:7:9:7 | *#this [b_] | -| complex.cpp:42:16:42:16 | f indirection [b_] | complex.cpp:42:16:42:16 | a output argument [b_] | -| complex.cpp:43:16:43:16 | f indirection [b_] | complex.cpp:10:7:10:7 | *#this [b_] | -| complex.cpp:43:16:43:16 | f indirection [b_] | complex.cpp:43:18:43:18 | call to b | -| complex.cpp:53:12:53:12 | setA output argument [a_] | complex.cpp:59:7:59:8 | b1 indirection [a_] | +| by_reference.cpp:84:3:84:7 | inner [post update] [a] | by_reference.cpp:102:3:102:19 | & ... [post update] [a] | +| by_reference.cpp:84:3:84:7 | inner [post update] [a] | by_reference.cpp:103:3:103:19 | inner_ptr [post update] [a] | +| by_reference.cpp:84:3:84:7 | inner [post update] [a] | by_reference.cpp:106:3:106:19 | & ... [post update] [a] | +| by_reference.cpp:84:3:84:7 | inner [post update] [a] | by_reference.cpp:107:3:107:19 | inner_ptr [post update] [a] | +| by_reference.cpp:84:10:84:10 | a [post update] | by_reference.cpp:84:3:84:7 | inner [post update] [a] | +| by_reference.cpp:84:14:84:23 | call to user_input | by_reference.cpp:84:10:84:10 | a [post update] | +| by_reference.cpp:88:3:88:7 | (reference dereference) [post update] [a] | by_reference.cpp:88:3:88:7 | inner [post update] [a] | +| by_reference.cpp:88:3:88:7 | (reference dereference) [post update] [a] | by_reference.cpp:122:3:122:19 | inner_nested [post update] [a] | +| by_reference.cpp:88:3:88:7 | (reference dereference) [post update] [a] | by_reference.cpp:123:3:123:19 | * ... [post update] [a] | +| by_reference.cpp:88:3:88:7 | (reference dereference) [post update] [a] | by_reference.cpp:126:3:126:19 | inner_nested [post update] [a] | +| by_reference.cpp:88:3:88:7 | (reference dereference) [post update] [a] | by_reference.cpp:127:3:127:19 | * ... [post update] [a] | +| by_reference.cpp:88:3:88:7 | inner [post update] [a] | by_reference.cpp:122:3:122:19 | inner_nested [post update] [a] | +| by_reference.cpp:88:3:88:7 | inner [post update] [a] | by_reference.cpp:123:3:123:19 | * ... [post update] [a] | +| by_reference.cpp:88:3:88:7 | inner [post update] [a] | by_reference.cpp:126:3:126:19 | inner_nested [post update] [a] | +| by_reference.cpp:88:3:88:7 | inner [post update] [a] | by_reference.cpp:127:3:127:19 | * ... [post update] [a] | +| by_reference.cpp:88:9:88:9 | a [post update] | by_reference.cpp:88:3:88:7 | (reference dereference) [post update] [a] | +| by_reference.cpp:88:13:88:22 | call to user_input | by_reference.cpp:88:9:88:9 | a [post update] | +| by_reference.cpp:92:3:92:5 | * ... [post update] | by_reference.cpp:104:3:104:13 | & ... [post update] | +| by_reference.cpp:92:3:92:5 | * ... [post update] | by_reference.cpp:108:3:108:13 | & ... [post update] | +| by_reference.cpp:92:4:92:5 | pa [post update] | by_reference.cpp:104:3:104:13 | & ... [post update] | +| by_reference.cpp:92:4:92:5 | pa [post update] | by_reference.cpp:108:3:108:13 | & ... [post update] | +| by_reference.cpp:92:9:92:18 | call to user_input | by_reference.cpp:92:3:92:5 | * ... [post update] | +| by_reference.cpp:92:9:92:18 | call to user_input | by_reference.cpp:92:4:92:5 | pa [post update] | +| by_reference.cpp:96:3:96:4 | (reference dereference) [post update] | by_reference.cpp:124:3:124:13 | a [post update] | +| by_reference.cpp:96:3:96:4 | (reference dereference) [post update] | by_reference.cpp:128:3:128:13 | a [post update] | +| by_reference.cpp:96:3:96:4 | pa [post update] | by_reference.cpp:124:3:124:13 | a [post update] | +| by_reference.cpp:96:3:96:4 | pa [post update] | by_reference.cpp:128:3:128:13 | a [post update] | +| by_reference.cpp:96:8:96:17 | call to user_input | by_reference.cpp:96:3:96:4 | (reference dereference) [post update] | +| by_reference.cpp:96:8:96:17 | call to user_input | by_reference.cpp:96:3:96:4 | pa [post update] | +| by_reference.cpp:102:3:102:19 | & ... [post update] [a] | by_reference.cpp:102:28:102:39 | inner_nested [post update] [a] | +| by_reference.cpp:102:22:102:26 | outer [post update] [inner_nested, a] | by_reference.cpp:110:8:110:12 | outer [read] [inner_nested, a] | +| by_reference.cpp:102:28:102:39 | inner_nested [post update] [a] | by_reference.cpp:102:22:102:26 | outer [post update] [inner_nested, a] | +| by_reference.cpp:103:3:103:19 | inner_ptr [post update] [a] | by_reference.cpp:103:27:103:35 | FieldAddress [post update] [a] | +| by_reference.cpp:103:21:103:25 | outer [post update] [inner_ptr, a] | by_reference.cpp:111:8:111:12 | outer [read] [inner_ptr, a] | +| by_reference.cpp:103:27:103:35 | FieldAddress [post update] [a] | by_reference.cpp:103:21:103:25 | outer [post update] [inner_ptr, a] | +| by_reference.cpp:104:3:104:13 | & ... [post update] | by_reference.cpp:104:22:104:22 | a [post update] | +| by_reference.cpp:104:16:104:20 | outer [post update] [a] | by_reference.cpp:112:8:112:12 | outer [read] [a] | +| by_reference.cpp:104:22:104:22 | a [post update] | by_reference.cpp:104:16:104:20 | outer [post update] [a] | +| by_reference.cpp:106:3:106:19 | & ... [post update] [a] | by_reference.cpp:106:30:106:41 | inner_nested [post update] [a] | +| by_reference.cpp:106:22:106:27 | pouter [post update] [inner_nested, a] | by_reference.cpp:114:8:114:13 | pouter [read] [inner_nested, a] | +| by_reference.cpp:106:30:106:41 | inner_nested [post update] [a] | by_reference.cpp:106:22:106:27 | pouter [post update] [inner_nested, a] | +| by_reference.cpp:107:3:107:19 | inner_ptr [post update] [a] | by_reference.cpp:107:29:107:37 | FieldAddress [post update] [a] | +| by_reference.cpp:107:21:107:26 | pouter [post update] [inner_ptr, a] | by_reference.cpp:115:8:115:13 | pouter [read] [inner_ptr, a] | +| by_reference.cpp:107:29:107:37 | FieldAddress [post update] [a] | by_reference.cpp:107:21:107:26 | pouter [post update] [inner_ptr, a] | +| by_reference.cpp:108:3:108:13 | & ... [post update] | by_reference.cpp:108:24:108:24 | a [post update] | +| by_reference.cpp:108:16:108:21 | pouter [post update] [a] | by_reference.cpp:116:8:116:13 | pouter [read] [a] | +| by_reference.cpp:108:24:108:24 | a [post update] | by_reference.cpp:108:16:108:21 | pouter [post update] [a] | +| by_reference.cpp:110:8:110:12 | outer [read] [inner_nested, a] | by_reference.cpp:110:14:110:25 | inner_nested [read] [a] | +| by_reference.cpp:110:14:110:25 | inner_nested [read] [a] | by_reference.cpp:110:27:110:27 | FieldAddress [read] | +| by_reference.cpp:110:27:110:27 | FieldAddress [read] | by_reference.cpp:110:27:110:27 | a | +| by_reference.cpp:111:8:111:12 | outer [read] [inner_ptr, a] | by_reference.cpp:111:14:111:22 | FieldAddress [read] [a] | +| by_reference.cpp:111:14:111:22 | FieldAddress [read] [a] | by_reference.cpp:111:14:111:22 | inner_ptr [read] [a] | +| by_reference.cpp:111:14:111:22 | inner_ptr [read] [a] | by_reference.cpp:111:25:111:25 | FieldAddress [read] | +| by_reference.cpp:111:25:111:25 | FieldAddress [read] | by_reference.cpp:111:25:111:25 | a | +| by_reference.cpp:112:8:112:12 | outer [read] [a] | by_reference.cpp:112:14:112:14 | FieldAddress [read] | +| by_reference.cpp:112:14:112:14 | FieldAddress [read] | by_reference.cpp:112:14:112:14 | a | +| by_reference.cpp:114:8:114:13 | pouter [read] [inner_nested, a] | by_reference.cpp:114:16:114:27 | inner_nested [read] [a] | +| by_reference.cpp:114:16:114:27 | inner_nested [read] [a] | by_reference.cpp:114:29:114:29 | FieldAddress [read] | +| by_reference.cpp:114:29:114:29 | FieldAddress [read] | by_reference.cpp:114:29:114:29 | a | +| by_reference.cpp:115:8:115:13 | pouter [read] [inner_ptr, a] | by_reference.cpp:115:16:115:24 | FieldAddress [read] [a] | +| by_reference.cpp:115:16:115:24 | FieldAddress [read] [a] | by_reference.cpp:115:16:115:24 | inner_ptr [read] [a] | +| by_reference.cpp:115:16:115:24 | inner_ptr [read] [a] | by_reference.cpp:115:27:115:27 | FieldAddress [read] | +| by_reference.cpp:115:27:115:27 | FieldAddress [read] | by_reference.cpp:115:27:115:27 | a | +| by_reference.cpp:116:8:116:13 | pouter [read] [a] | by_reference.cpp:116:16:116:16 | FieldAddress [read] | +| by_reference.cpp:116:16:116:16 | FieldAddress [read] | by_reference.cpp:116:16:116:16 | a | +| by_reference.cpp:122:3:122:19 | inner_nested [post update] [a] | by_reference.cpp:122:27:122:38 | inner_nested [post update] [a] | +| by_reference.cpp:122:21:122:25 | outer [post update] [inner_nested, a] | by_reference.cpp:130:8:130:12 | outer [read] [inner_nested, a] | +| by_reference.cpp:122:27:122:38 | inner_nested [post update] [a] | by_reference.cpp:122:21:122:25 | outer [post update] [inner_nested, a] | +| by_reference.cpp:123:3:123:19 | * ... [post update] [a] | by_reference.cpp:123:28:123:36 | FieldAddress [post update] [a] | +| by_reference.cpp:123:22:123:26 | outer [post update] [inner_ptr, a] | by_reference.cpp:131:8:131:12 | outer [read] [inner_ptr, a] | +| by_reference.cpp:123:28:123:36 | FieldAddress [post update] [a] | by_reference.cpp:123:22:123:26 | outer [post update] [inner_ptr, a] | +| by_reference.cpp:124:3:124:13 | a [post update] | by_reference.cpp:124:21:124:21 | a [post update] | +| by_reference.cpp:124:15:124:19 | outer [post update] [a] | by_reference.cpp:132:8:132:12 | outer [read] [a] | +| by_reference.cpp:124:21:124:21 | a [post update] | by_reference.cpp:124:15:124:19 | outer [post update] [a] | +| by_reference.cpp:126:3:126:19 | inner_nested [post update] [a] | by_reference.cpp:126:29:126:40 | inner_nested [post update] [a] | +| by_reference.cpp:126:21:126:26 | pouter [post update] [inner_nested, a] | by_reference.cpp:134:8:134:13 | pouter [read] [inner_nested, a] | +| by_reference.cpp:126:29:126:40 | inner_nested [post update] [a] | by_reference.cpp:126:21:126:26 | pouter [post update] [inner_nested, a] | +| by_reference.cpp:127:3:127:19 | * ... [post update] [a] | by_reference.cpp:127:30:127:38 | FieldAddress [post update] [a] | +| by_reference.cpp:127:22:127:27 | pouter [post update] [inner_ptr, a] | by_reference.cpp:135:8:135:13 | pouter [read] [inner_ptr, a] | +| by_reference.cpp:127:30:127:38 | FieldAddress [post update] [a] | by_reference.cpp:127:22:127:27 | pouter [post update] [inner_ptr, a] | +| by_reference.cpp:128:3:128:13 | a [post update] | by_reference.cpp:128:23:128:23 | a [post update] | +| by_reference.cpp:128:15:128:20 | pouter [post update] [a] | by_reference.cpp:136:8:136:13 | pouter [read] [a] | +| by_reference.cpp:128:23:128:23 | a [post update] | by_reference.cpp:128:15:128:20 | pouter [post update] [a] | +| by_reference.cpp:130:8:130:12 | outer [read] [inner_nested, a] | by_reference.cpp:130:14:130:25 | inner_nested [read] [a] | +| by_reference.cpp:130:14:130:25 | inner_nested [read] [a] | by_reference.cpp:130:27:130:27 | FieldAddress [read] | +| by_reference.cpp:130:27:130:27 | FieldAddress [read] | by_reference.cpp:130:27:130:27 | a | +| by_reference.cpp:131:8:131:12 | outer [read] [inner_ptr, a] | by_reference.cpp:131:14:131:22 | FieldAddress [read] [a] | +| by_reference.cpp:131:14:131:22 | FieldAddress [read] [a] | by_reference.cpp:131:14:131:22 | inner_ptr [read] [a] | +| by_reference.cpp:131:14:131:22 | inner_ptr [read] [a] | by_reference.cpp:131:25:131:25 | FieldAddress [read] | +| by_reference.cpp:131:25:131:25 | FieldAddress [read] | by_reference.cpp:131:25:131:25 | a | +| by_reference.cpp:132:8:132:12 | outer [read] [a] | by_reference.cpp:132:14:132:14 | FieldAddress [read] | +| by_reference.cpp:132:14:132:14 | FieldAddress [read] | by_reference.cpp:132:14:132:14 | a | +| by_reference.cpp:134:8:134:13 | pouter [read] [inner_nested, a] | by_reference.cpp:134:16:134:27 | inner_nested [read] [a] | +| by_reference.cpp:134:16:134:27 | inner_nested [read] [a] | by_reference.cpp:134:29:134:29 | FieldAddress [read] | +| by_reference.cpp:134:29:134:29 | FieldAddress [read] | by_reference.cpp:134:29:134:29 | a | +| by_reference.cpp:135:8:135:13 | pouter [read] [inner_ptr, a] | by_reference.cpp:135:16:135:24 | FieldAddress [read] [a] | +| by_reference.cpp:135:16:135:24 | FieldAddress [read] [a] | by_reference.cpp:135:16:135:24 | inner_ptr [read] [a] | +| by_reference.cpp:135:16:135:24 | inner_ptr [read] [a] | by_reference.cpp:135:27:135:27 | FieldAddress [read] | +| by_reference.cpp:135:27:135:27 | FieldAddress [read] | by_reference.cpp:135:27:135:27 | a | +| by_reference.cpp:136:8:136:13 | pouter [read] [a] | by_reference.cpp:136:16:136:16 | FieldAddress [read] | +| by_reference.cpp:136:16:136:16 | FieldAddress [read] | by_reference.cpp:136:16:136:16 | a | +| complex.cpp:9:7:9:7 | this [a_] | complex.cpp:9:20:9:21 | this [read] [a_] | +| complex.cpp:9:20:9:21 | FieldAddress [read] | complex.cpp:9:7:9:7 | ReturnValue | +| complex.cpp:9:20:9:21 | this [read] [a_] | complex.cpp:9:20:9:21 | FieldAddress [read] | +| complex.cpp:10:7:10:7 | this [b_] | complex.cpp:10:20:10:21 | this [read] [b_] | +| complex.cpp:10:20:10:21 | FieldAddress [read] | complex.cpp:10:7:10:7 | ReturnValue | +| complex.cpp:10:20:10:21 | this [read] [b_] | complex.cpp:10:20:10:21 | FieldAddress [read] | +| complex.cpp:11:17:11:17 | a | complex.cpp:11:22:11:23 | a_ [post update] | +| complex.cpp:11:22:11:23 | a_ [post update] | complex.cpp:11:22:11:23 | this [post update] [a_] | +| complex.cpp:12:17:12:17 | b | complex.cpp:12:22:12:23 | b_ [post update] | +| complex.cpp:12:22:12:23 | b_ [post update] | complex.cpp:12:22:12:23 | this [post update] [b_] | +| complex.cpp:40:17:40:17 | b [inner, f, a_] | complex.cpp:42:8:42:8 | (reference dereference) [read] [inner, f, a_] | +| complex.cpp:40:17:40:17 | b [inner, f, b_] | complex.cpp:43:8:43:8 | (reference dereference) [read] [inner, f, b_] | +| complex.cpp:42:8:42:8 | (reference dereference) [read] [inner, f, a_] | complex.cpp:42:10:42:14 | inner [read] [f, a_] | +| complex.cpp:42:10:42:14 | inner [read] [f, a_] | complex.cpp:42:16:42:16 | f [read] [a_] | +| complex.cpp:42:16:42:16 | f [read] [a_] | complex.cpp:42:18:42:18 | f [a_] | +| complex.cpp:42:18:42:18 | f [a_] | complex.cpp:9:7:9:7 | this [a_] | +| complex.cpp:42:18:42:18 | f [a_] | complex.cpp:42:18:42:18 | call to a | +| complex.cpp:43:8:43:8 | (reference dereference) [read] [inner, f, b_] | complex.cpp:43:10:43:14 | inner [read] [f, b_] | +| complex.cpp:43:10:43:14 | inner [read] [f, b_] | complex.cpp:43:16:43:16 | f [read] [b_] | +| complex.cpp:43:16:43:16 | f [read] [b_] | complex.cpp:43:18:43:18 | f [b_] | +| complex.cpp:43:18:43:18 | f [b_] | complex.cpp:10:7:10:7 | this [b_] | +| complex.cpp:43:18:43:18 | f [b_] | complex.cpp:43:18:43:18 | call to b | +| complex.cpp:53:3:53:4 | b1 [post update] [inner, f, a_] | complex.cpp:59:3:59:5 | b1 [inner, f, a_] | +| complex.cpp:53:6:53:10 | inner [post update] [f, a_] | complex.cpp:53:3:53:4 | b1 [post update] [inner, f, a_] | +| complex.cpp:53:12:53:12 | f [post update] [a_] | complex.cpp:53:6:53:10 | inner [post update] [f, a_] | | complex.cpp:53:14:53:17 | call to user_input | complex.cpp:11:17:11:17 | a | -| complex.cpp:53:14:53:17 | call to user_input | complex.cpp:53:12:53:12 | setA output argument [a_] | +| complex.cpp:53:14:53:17 | call to user_input | complex.cpp:53:14:53:17 | f [post update] [a_] | +| complex.cpp:53:14:53:17 | f [post update] [a_] | complex.cpp:53:12:53:12 | f [post update] [a_] | | complex.cpp:53:19:53:28 | call to user_input | complex.cpp:53:14:53:17 | call to user_input | -| complex.cpp:54:12:54:12 | setB output argument [b_] | complex.cpp:62:7:62:8 | b2 indirection [b_] | +| complex.cpp:54:3:54:4 | b2 [post update] [inner, f, b_] | complex.cpp:62:3:62:5 | b2 [inner, f, b_] | +| complex.cpp:54:6:54:10 | inner [post update] [f, b_] | complex.cpp:54:3:54:4 | b2 [post update] [inner, f, b_] | +| complex.cpp:54:12:54:12 | f [post update] [b_] | complex.cpp:54:6:54:10 | inner [post update] [f, b_] | | complex.cpp:54:14:54:17 | call to user_input | complex.cpp:12:17:12:17 | b | -| complex.cpp:54:14:54:17 | call to user_input | complex.cpp:54:12:54:12 | setB output argument [b_] | +| complex.cpp:54:14:54:17 | call to user_input | complex.cpp:54:14:54:17 | f [post update] [b_] | +| complex.cpp:54:14:54:17 | f [post update] [b_] | complex.cpp:54:12:54:12 | f [post update] [b_] | | complex.cpp:54:19:54:28 | call to user_input | complex.cpp:54:14:54:17 | call to user_input | -| complex.cpp:55:12:55:12 | setA output argument [a_] | complex.cpp:56:12:56:12 | f indirection [a_] | -| complex.cpp:55:12:55:12 | setA output argument [a_] | complex.cpp:65:7:65:8 | b3 indirection [a_] | +| complex.cpp:55:3:55:4 | b3 [post update] [inner, f, a_] | complex.cpp:65:3:65:5 | b3 [inner, f, a_] | +| complex.cpp:55:6:55:10 | inner [post update] [f, a_] | complex.cpp:55:3:55:4 | b3 [post update] [inner, f, a_] | +| complex.cpp:55:12:55:12 | f [post update] [a_] | complex.cpp:55:6:55:10 | inner [post update] [f, a_] | | complex.cpp:55:14:55:17 | call to user_input | complex.cpp:11:17:11:17 | a | -| complex.cpp:55:14:55:17 | call to user_input | complex.cpp:55:12:55:12 | setA output argument [a_] | +| complex.cpp:55:14:55:17 | call to user_input | complex.cpp:55:14:55:17 | f [post update] [a_] | +| complex.cpp:55:14:55:17 | f [post update] [a_] | complex.cpp:55:12:55:12 | f [post update] [a_] | | complex.cpp:55:19:55:28 | call to user_input | complex.cpp:55:14:55:17 | call to user_input | -| complex.cpp:56:12:56:12 | f indirection [a_] | complex.cpp:12:8:12:11 | *#this [a_] | -| complex.cpp:56:12:56:12 | f indirection [a_] | complex.cpp:56:12:56:12 | setB output argument [a_] | -| complex.cpp:56:12:56:12 | setB output argument [a_] | complex.cpp:65:7:65:8 | b3 indirection [a_] | -| complex.cpp:56:12:56:12 | setB output argument [b_] | complex.cpp:65:7:65:8 | b3 indirection [b_] | +| complex.cpp:56:3:56:4 | b3 [post update] [inner, f, b_] | complex.cpp:65:3:65:5 | b3 [inner, f, b_] | +| complex.cpp:56:6:56:10 | inner [post update] [f, b_] | complex.cpp:56:3:56:4 | b3 [post update] [inner, f, b_] | +| complex.cpp:56:12:56:12 | f [post update] [b_] | complex.cpp:56:6:56:10 | inner [post update] [f, b_] | | complex.cpp:56:14:56:17 | call to user_input | complex.cpp:12:17:12:17 | b | -| complex.cpp:56:14:56:17 | call to user_input | complex.cpp:56:12:56:12 | setB output argument [b_] | +| complex.cpp:56:14:56:17 | call to user_input | complex.cpp:56:14:56:17 | f [post update] [b_] | +| complex.cpp:56:14:56:17 | f [post update] [b_] | complex.cpp:56:12:56:12 | f [post update] [b_] | | complex.cpp:56:19:56:28 | call to user_input | complex.cpp:56:14:56:17 | call to user_input | -| complex.cpp:59:7:59:8 | b1 indirection [a_] | complex.cpp:40:17:40:17 | *b [a_] | -| complex.cpp:62:7:62:8 | b2 indirection [b_] | complex.cpp:40:17:40:17 | *b [b_] | -| complex.cpp:65:7:65:8 | b3 indirection [a_] | complex.cpp:40:17:40:17 | *b [a_] | -| complex.cpp:65:7:65:8 | b3 indirection [b_] | complex.cpp:40:17:40:17 | *b [b_] | -| constructors.cpp:18:9:18:9 | *#this [a_] | constructors.cpp:18:22:18:23 | Store | -| constructors.cpp:19:9:19:9 | *#this [b_] | constructors.cpp:19:22:19:23 | Store | -| constructors.cpp:23:13:23:13 | a | constructors.cpp:23:28:23:28 | Chi [a_] | -| constructors.cpp:23:20:23:20 | b | constructors.cpp:23:35:23:35 | Chi [b_] | -| constructors.cpp:23:28:23:28 | Chi [a_] | constructors.cpp:23:35:23:35 | Chi [a_] | -| constructors.cpp:26:15:26:15 | *f [a_] | constructors.cpp:28:10:28:10 | f indirection [a_] | -| constructors.cpp:26:15:26:15 | *f [b_] | constructors.cpp:28:10:28:10 | f indirection [b_] | -| constructors.cpp:26:15:26:15 | *f [b_] | constructors.cpp:29:10:29:10 | f indirection [b_] | -| constructors.cpp:28:10:28:10 | a output argument [b_] | constructors.cpp:29:10:29:10 | f indirection [b_] | -| constructors.cpp:28:10:28:10 | f indirection [a_] | constructors.cpp:18:9:18:9 | *#this [a_] | -| constructors.cpp:28:10:28:10 | f indirection [a_] | constructors.cpp:28:12:28:12 | call to a | -| constructors.cpp:28:10:28:10 | f indirection [b_] | constructors.cpp:18:9:18:9 | *#this [b_] | -| constructors.cpp:28:10:28:10 | f indirection [b_] | constructors.cpp:28:10:28:10 | a output argument [b_] | -| constructors.cpp:29:10:29:10 | f indirection [b_] | constructors.cpp:19:9:19:9 | *#this [b_] | -| constructors.cpp:29:10:29:10 | f indirection [b_] | constructors.cpp:29:12:29:12 | call to b | +| complex.cpp:59:3:59:5 | b1 [inner, f, a_] | complex.cpp:40:17:40:17 | b [inner, f, a_] | +| complex.cpp:62:3:62:5 | b2 [inner, f, b_] | complex.cpp:40:17:40:17 | b [inner, f, b_] | +| complex.cpp:65:3:65:5 | b3 [inner, f, a_] | complex.cpp:40:17:40:17 | b [inner, f, a_] | +| complex.cpp:65:3:65:5 | b3 [inner, f, b_] | complex.cpp:40:17:40:17 | b [inner, f, b_] | +| conflated.cpp:10:4:10:5 | (reference dereference) [post update] [p] | conflated.cpp:11:9:11:10 | (reference dereference) [read] [p] | +| conflated.cpp:10:7:10:7 | FieldAddress [post update] | conflated.cpp:10:4:10:5 | (reference dereference) [post update] [p] | +| conflated.cpp:10:11:10:20 | call to user_input | conflated.cpp:10:7:10:7 | FieldAddress [post update] | +| conflated.cpp:11:9:11:10 | (reference dereference) [read] [p] | conflated.cpp:11:12:11:12 | FieldAddress [read] | +| conflated.cpp:11:12:11:12 | FieldAddress [read] | conflated.cpp:11:8:11:12 | * ... | +| conflated.cpp:19:19:19:21 | argument_source output argument | conflated.cpp:20:8:20:10 | (void *)... | +| conflated.cpp:19:19:19:21 | argument_source output argument | conflated.cpp:20:8:20:10 | raw | +| conflated.cpp:29:3:29:4 | pa [post update] [x] | conflated.cpp:30:8:30:9 | pa [read] [x] | +| conflated.cpp:29:7:29:7 | x [post update] | conflated.cpp:29:3:29:4 | pa [post update] [x] | +| conflated.cpp:29:11:29:20 | call to user_input | conflated.cpp:29:7:29:7 | x [post update] | +| conflated.cpp:30:8:30:9 | pa [read] [x] | conflated.cpp:30:12:30:12 | FieldAddress [read] | +| conflated.cpp:30:12:30:12 | FieldAddress [read] | conflated.cpp:30:12:30:12 | x | +| conflated.cpp:36:3:36:4 | pa [post update] [x] | conflated.cpp:37:8:37:9 | pa [read] [x] | +| conflated.cpp:36:7:36:7 | x [post update] | conflated.cpp:36:3:36:4 | pa [post update] [x] | +| conflated.cpp:36:11:36:20 | call to user_input | conflated.cpp:36:7:36:7 | x [post update] | +| conflated.cpp:37:8:37:9 | pa [read] [x] | conflated.cpp:37:12:37:12 | FieldAddress [read] | +| conflated.cpp:37:12:37:12 | FieldAddress [read] | conflated.cpp:37:12:37:12 | x | +| conflated.cpp:54:3:54:4 | ll [post update] [next, y] | conflated.cpp:55:8:55:9 | ll [read] [next, y] | +| conflated.cpp:54:7:54:10 | FieldAddress [post update] [y] | conflated.cpp:54:3:54:4 | ll [post update] [next, y] | +| conflated.cpp:54:7:54:10 | next [post update] [y] | conflated.cpp:54:7:54:10 | FieldAddress [post update] [y] | +| conflated.cpp:54:13:54:13 | y [post update] | conflated.cpp:54:7:54:10 | next [post update] [y] | +| conflated.cpp:54:17:54:26 | call to user_input | conflated.cpp:54:13:54:13 | y [post update] | +| conflated.cpp:55:8:55:9 | ll [read] [next, y] | conflated.cpp:55:12:55:15 | FieldAddress [read] [y] | +| conflated.cpp:55:12:55:15 | FieldAddress [read] [y] | conflated.cpp:55:12:55:15 | next [read] [y] | +| conflated.cpp:55:12:55:15 | next [read] [y] | conflated.cpp:55:18:55:18 | FieldAddress [read] | +| conflated.cpp:55:18:55:18 | FieldAddress [read] | conflated.cpp:55:18:55:18 | y | +| conflated.cpp:60:3:60:4 | ll [post update] [next, y] | conflated.cpp:61:8:61:9 | ll [read] [next, y] | +| conflated.cpp:60:7:60:10 | FieldAddress [post update] [y] | conflated.cpp:60:3:60:4 | ll [post update] [next, y] | +| conflated.cpp:60:7:60:10 | next [post update] [y] | conflated.cpp:60:7:60:10 | FieldAddress [post update] [y] | +| conflated.cpp:60:13:60:13 | y [post update] | conflated.cpp:60:7:60:10 | next [post update] [y] | +| conflated.cpp:60:17:60:26 | call to user_input | conflated.cpp:60:13:60:13 | y [post update] | +| conflated.cpp:61:8:61:9 | ll [read] [next, y] | conflated.cpp:61:12:61:15 | FieldAddress [read] [y] | +| conflated.cpp:61:12:61:15 | FieldAddress [read] [y] | conflated.cpp:61:12:61:15 | next [read] [y] | +| conflated.cpp:61:12:61:15 | next [read] [y] | conflated.cpp:61:18:61:18 | FieldAddress [read] | +| conflated.cpp:61:18:61:18 | FieldAddress [read] | conflated.cpp:61:18:61:18 | y | +| constructors.cpp:18:9:18:9 | this [a_] | constructors.cpp:18:22:18:23 | this [read] [a_] | +| constructors.cpp:18:22:18:23 | FieldAddress [read] | constructors.cpp:18:9:18:9 | ReturnValue | +| constructors.cpp:18:22:18:23 | this [read] [a_] | constructors.cpp:18:22:18:23 | FieldAddress [read] | +| constructors.cpp:19:9:19:9 | this [b_] | constructors.cpp:19:22:19:23 | this [read] [b_] | +| constructors.cpp:19:22:19:23 | FieldAddress [read] | constructors.cpp:19:9:19:9 | ReturnValue | +| constructors.cpp:19:22:19:23 | this [read] [b_] | constructors.cpp:19:22:19:23 | FieldAddress [read] | +| constructors.cpp:23:13:23:13 | a | constructors.cpp:23:25:23:29 | FieldAddress [post update] | +| constructors.cpp:23:20:23:20 | b | constructors.cpp:23:32:23:36 | FieldAddress [post update] | +| constructors.cpp:23:25:23:29 | FieldAddress [post update] | constructors.cpp:23:5:23:7 | this [post update] [a_] | +| constructors.cpp:23:32:23:36 | FieldAddress [post update] | constructors.cpp:23:5:23:7 | this [post update] [b_] | +| constructors.cpp:26:15:26:15 | f [a_] | constructors.cpp:28:12:28:12 | f [a_] | +| constructors.cpp:26:15:26:15 | f [b_] | constructors.cpp:29:12:29:12 | f [b_] | +| constructors.cpp:28:12:28:12 | f [a_] | constructors.cpp:18:9:18:9 | this [a_] | +| constructors.cpp:28:12:28:12 | f [a_] | constructors.cpp:28:12:28:12 | call to a | +| constructors.cpp:29:12:29:12 | f [b_] | constructors.cpp:19:9:19:9 | this [b_] | +| constructors.cpp:29:12:29:12 | f [b_] | constructors.cpp:29:12:29:12 | call to b | | constructors.cpp:34:11:34:20 | call to user_input | constructors.cpp:34:11:34:26 | call to user_input | -| constructors.cpp:34:11:34:26 | Foo output argument [a_] | constructors.cpp:40:9:40:9 | f indirection [a_] | +| constructors.cpp:34:11:34:26 | Argument this [post update] [a_] | constructors.cpp:40:5:40:7 | f [a_] | | constructors.cpp:34:11:34:26 | call to user_input | constructors.cpp:23:13:23:13 | a | -| constructors.cpp:34:11:34:26 | call to user_input | constructors.cpp:34:11:34:26 | Foo output argument [a_] | -| constructors.cpp:35:11:35:26 | Foo output argument [b_] | constructors.cpp:43:9:43:9 | g indirection [b_] | +| constructors.cpp:34:11:34:26 | call to user_input | constructors.cpp:34:11:34:26 | Argument this [post update] [a_] | +| constructors.cpp:35:11:35:26 | Argument this [post update] [b_] | constructors.cpp:43:5:43:7 | g [b_] | | constructors.cpp:35:11:35:26 | call to user_input | constructors.cpp:23:20:23:20 | b | -| constructors.cpp:35:11:35:26 | call to user_input | constructors.cpp:35:11:35:26 | Foo output argument [b_] | +| constructors.cpp:35:11:35:26 | call to user_input | constructors.cpp:35:11:35:26 | Argument this [post update] [b_] | | constructors.cpp:35:14:35:23 | call to user_input | constructors.cpp:35:11:35:26 | call to user_input | | constructors.cpp:36:11:36:20 | call to user_input | constructors.cpp:36:11:36:37 | call to user_input | -| constructors.cpp:36:11:36:37 | Foo output argument [a_] | constructors.cpp:46:9:46:9 | h indirection [a_] | -| constructors.cpp:36:11:36:37 | Foo output argument [b_] | constructors.cpp:46:9:46:9 | h indirection [b_] | +| constructors.cpp:36:11:36:37 | Argument this [post update] [a_] | constructors.cpp:46:5:46:7 | h [a_] | +| constructors.cpp:36:11:36:37 | Argument this [post update] [b_] | constructors.cpp:46:5:46:7 | h [b_] | | constructors.cpp:36:11:36:37 | call to user_input | constructors.cpp:23:13:23:13 | a | | constructors.cpp:36:11:36:37 | call to user_input | constructors.cpp:23:20:23:20 | b | -| constructors.cpp:36:11:36:37 | call to user_input | constructors.cpp:36:11:36:37 | Foo output argument [a_] | -| constructors.cpp:36:11:36:37 | call to user_input | constructors.cpp:36:11:36:37 | Foo output argument [b_] | +| constructors.cpp:36:11:36:37 | call to user_input | constructors.cpp:36:11:36:37 | Argument this [post update] [a_] | +| constructors.cpp:36:11:36:37 | call to user_input | constructors.cpp:36:11:36:37 | Argument this [post update] [b_] | | constructors.cpp:36:25:36:34 | call to user_input | constructors.cpp:36:11:36:37 | call to user_input | -| constructors.cpp:40:9:40:9 | f indirection [a_] | constructors.cpp:26:15:26:15 | *f [a_] | -| constructors.cpp:43:9:43:9 | g indirection [b_] | constructors.cpp:26:15:26:15 | *f [b_] | -| constructors.cpp:46:9:46:9 | h indirection [a_] | constructors.cpp:26:15:26:15 | *f [a_] | -| constructors.cpp:46:9:46:9 | h indirection [b_] | constructors.cpp:26:15:26:15 | *f [b_] | -| simple.cpp:18:9:18:9 | *#this [a_] | simple.cpp:18:22:18:23 | Store | -| simple.cpp:19:9:19:9 | *#this [b_] | simple.cpp:19:22:19:23 | Store | -| simple.cpp:20:19:20:19 | a | simple.cpp:20:24:20:29 | Chi [a_] | -| simple.cpp:21:10:21:13 | *#this [a_] | simple.cpp:21:24:21:29 | Chi [a_] | -| simple.cpp:21:19:21:19 | b | simple.cpp:21:24:21:29 | Chi [b_] | -| simple.cpp:26:15:26:15 | *f [a_] | simple.cpp:28:10:28:10 | f indirection [a_] | -| simple.cpp:26:15:26:15 | *f [b_] | simple.cpp:28:10:28:10 | f indirection [b_] | -| simple.cpp:26:15:26:15 | *f [b_] | simple.cpp:29:10:29:10 | f indirection [b_] | -| simple.cpp:28:10:28:10 | a output argument [b_] | simple.cpp:29:10:29:10 | f indirection [b_] | -| simple.cpp:28:10:28:10 | f indirection [a_] | simple.cpp:18:9:18:9 | *#this [a_] | -| simple.cpp:28:10:28:10 | f indirection [a_] | simple.cpp:28:12:28:12 | call to a | -| simple.cpp:28:10:28:10 | f indirection [b_] | simple.cpp:18:9:18:9 | *#this [b_] | -| simple.cpp:28:10:28:10 | f indirection [b_] | simple.cpp:28:10:28:10 | a output argument [b_] | -| simple.cpp:29:10:29:10 | f indirection [b_] | simple.cpp:19:9:19:9 | *#this [b_] | -| simple.cpp:29:10:29:10 | f indirection [b_] | simple.cpp:29:12:29:12 | call to b | -| simple.cpp:39:5:39:5 | setA output argument [a_] | simple.cpp:45:9:45:9 | f indirection [a_] | +| constructors.cpp:40:5:40:7 | f [a_] | constructors.cpp:26:15:26:15 | f [a_] | +| constructors.cpp:43:5:43:7 | g [b_] | constructors.cpp:26:15:26:15 | f [b_] | +| constructors.cpp:46:5:46:7 | h [a_] | constructors.cpp:26:15:26:15 | f [a_] | +| constructors.cpp:46:5:46:7 | h [b_] | constructors.cpp:26:15:26:15 | f [b_] | +| qualifiers.cpp:9:21:9:25 | value | qualifiers.cpp:9:36:9:36 | a [post update] | +| qualifiers.cpp:9:36:9:36 | a [post update] | qualifiers.cpp:9:30:9:33 | this [post update] [a] | +| qualifiers.cpp:12:40:12:44 | value | qualifiers.cpp:12:56:12:56 | a [post update] | +| qualifiers.cpp:12:56:12:56 | a [post update] | qualifiers.cpp:12:49:12:53 | inner [post update] [a] | +| qualifiers.cpp:13:42:13:46 | value | qualifiers.cpp:13:57:13:57 | a [post update] | +| qualifiers.cpp:13:51:13:55 | (reference dereference) [post update] [a] | qualifiers.cpp:13:51:13:55 | inner [post update] [a] | +| qualifiers.cpp:13:57:13:57 | a [post update] | qualifiers.cpp:13:51:13:55 | (reference dereference) [post update] [a] | +| qualifiers.cpp:22:11:22:18 | call to getInner [post update] [a] | qualifiers.cpp:22:11:22:18 | outer [post update] [inner, a] | +| qualifiers.cpp:22:11:22:18 | outer [post update] [inner, a] | qualifiers.cpp:23:10:23:14 | outer [read] [inner, a] | +| qualifiers.cpp:22:23:22:23 | a [post update] | qualifiers.cpp:22:11:22:18 | call to getInner [post update] [a] | +| qualifiers.cpp:22:27:22:36 | call to user_input | qualifiers.cpp:22:23:22:23 | a [post update] | +| qualifiers.cpp:23:10:23:14 | outer [read] [inner, a] | qualifiers.cpp:23:16:23:20 | FieldAddress [read] [a] | +| qualifiers.cpp:23:16:23:20 | FieldAddress [read] [a] | qualifiers.cpp:23:16:23:20 | inner [read] [a] | +| qualifiers.cpp:23:16:23:20 | inner [read] [a] | qualifiers.cpp:23:23:23:23 | FieldAddress [read] | +| qualifiers.cpp:23:23:23:23 | FieldAddress [read] | qualifiers.cpp:23:23:23:23 | a | +| qualifiers.cpp:27:11:27:18 | call to getInner [post update] [a] | qualifiers.cpp:27:11:27:18 | outer [post update] [inner, a] | +| qualifiers.cpp:27:11:27:18 | outer [post update] [inner, a] | qualifiers.cpp:28:10:28:14 | outer [read] [inner, a] | +| qualifiers.cpp:27:23:27:26 | call to getInner [post update] [a] | qualifiers.cpp:27:11:27:18 | call to getInner [post update] [a] | +| qualifiers.cpp:27:23:27:26 | call to user_input | qualifiers.cpp:9:21:9:25 | value | +| qualifiers.cpp:27:23:27:26 | call to user_input | qualifiers.cpp:27:23:27:26 | call to getInner [post update] [a] | +| qualifiers.cpp:27:28:27:37 | call to user_input | qualifiers.cpp:27:23:27:26 | call to user_input | +| qualifiers.cpp:28:10:28:14 | outer [read] [inner, a] | qualifiers.cpp:28:16:28:20 | FieldAddress [read] [a] | +| qualifiers.cpp:28:16:28:20 | FieldAddress [read] [a] | qualifiers.cpp:28:16:28:20 | inner [read] [a] | +| qualifiers.cpp:28:16:28:20 | inner [read] [a] | qualifiers.cpp:28:23:28:23 | FieldAddress [read] | +| qualifiers.cpp:28:23:28:23 | FieldAddress [read] | qualifiers.cpp:28:23:28:23 | a | +| qualifiers.cpp:32:5:32:15 | call to getInner [post update] [a] | qualifiers.cpp:32:23:32:30 | call to getInner [post update] [a] | +| qualifiers.cpp:32:5:32:15 | call to user_input | qualifiers.cpp:12:40:12:44 | value | +| qualifiers.cpp:32:5:32:15 | call to user_input | qualifiers.cpp:32:5:32:15 | call to getInner [post update] [a] | +| qualifiers.cpp:32:23:32:30 | call to getInner [post update] [a] | qualifiers.cpp:32:23:32:30 | outer [post update] [inner, a] | +| qualifiers.cpp:32:23:32:30 | outer [post update] [inner, a] | qualifiers.cpp:33:10:33:14 | outer [read] [inner, a] | +| qualifiers.cpp:32:35:32:44 | call to user_input | qualifiers.cpp:32:5:32:15 | call to user_input | +| qualifiers.cpp:33:10:33:14 | outer [read] [inner, a] | qualifiers.cpp:33:16:33:20 | FieldAddress [read] [a] | +| qualifiers.cpp:33:16:33:20 | FieldAddress [read] [a] | qualifiers.cpp:33:16:33:20 | inner [read] [a] | +| qualifiers.cpp:33:16:33:20 | inner [read] [a] | qualifiers.cpp:33:23:33:23 | FieldAddress [read] | +| qualifiers.cpp:33:23:33:23 | FieldAddress [read] | qualifiers.cpp:33:23:33:23 | a | +| qualifiers.cpp:37:5:37:17 | * ... [post update] [a] | qualifiers.cpp:37:26:37:33 | call to getInner [post update] [a] | +| qualifiers.cpp:37:5:37:17 | call to user_input | qualifiers.cpp:13:42:13:46 | value | +| qualifiers.cpp:37:5:37:17 | call to user_input | qualifiers.cpp:37:5:37:17 | * ... [post update] [a] | +| qualifiers.cpp:37:26:37:33 | call to getInner [post update] [a] | qualifiers.cpp:37:26:37:33 | outer [post update] [inner, a] | +| qualifiers.cpp:37:26:37:33 | outer [post update] [inner, a] | qualifiers.cpp:38:10:38:14 | outer [read] [inner, a] | +| qualifiers.cpp:37:38:37:47 | call to user_input | qualifiers.cpp:37:5:37:17 | call to user_input | +| qualifiers.cpp:38:10:38:14 | outer [read] [inner, a] | qualifiers.cpp:38:16:38:20 | FieldAddress [read] [a] | +| qualifiers.cpp:38:16:38:20 | FieldAddress [read] [a] | qualifiers.cpp:38:16:38:20 | inner [read] [a] | +| qualifiers.cpp:38:16:38:20 | inner [read] [a] | qualifiers.cpp:38:23:38:23 | FieldAddress [read] | +| qualifiers.cpp:38:23:38:23 | FieldAddress [read] | qualifiers.cpp:38:23:38:23 | a | +| qualifiers.cpp:42:6:42:22 | * ... [post update] [a] | qualifiers.cpp:42:13:42:20 | call to getInner [post update] [a] | +| qualifiers.cpp:42:13:42:20 | call to getInner [post update] [a] | qualifiers.cpp:42:13:42:20 | outer [post update] [inner, a] | +| qualifiers.cpp:42:13:42:20 | outer [post update] [inner, a] | qualifiers.cpp:43:10:43:14 | outer [read] [inner, a] | +| qualifiers.cpp:42:25:42:25 | a [post update] | qualifiers.cpp:42:6:42:22 | * ... [post update] [a] | +| qualifiers.cpp:42:29:42:38 | call to user_input | qualifiers.cpp:42:25:42:25 | a [post update] | +| qualifiers.cpp:43:10:43:14 | outer [read] [inner, a] | qualifiers.cpp:43:16:43:20 | FieldAddress [read] [a] | +| qualifiers.cpp:43:16:43:20 | FieldAddress [read] [a] | qualifiers.cpp:43:16:43:20 | inner [read] [a] | +| qualifiers.cpp:43:16:43:20 | inner [read] [a] | qualifiers.cpp:43:23:43:23 | FieldAddress [read] | +| qualifiers.cpp:43:23:43:23 | FieldAddress [read] | qualifiers.cpp:43:23:43:23 | a | +| qualifiers.cpp:47:15:47:22 | & ... [post update] [inner, a] | qualifiers.cpp:48:10:48:14 | outer [read] [inner, a] | +| qualifiers.cpp:47:15:47:22 | call to getInner [post update] [a] | qualifiers.cpp:47:15:47:22 | & ... [post update] [inner, a] | +| qualifiers.cpp:47:27:47:27 | a [post update] | qualifiers.cpp:47:15:47:22 | call to getInner [post update] [a] | +| qualifiers.cpp:47:31:47:40 | call to user_input | qualifiers.cpp:47:27:47:27 | a [post update] | +| qualifiers.cpp:48:10:48:14 | outer [read] [inner, a] | qualifiers.cpp:48:16:48:20 | FieldAddress [read] [a] | +| qualifiers.cpp:48:16:48:20 | FieldAddress [read] [a] | qualifiers.cpp:48:16:48:20 | inner [read] [a] | +| qualifiers.cpp:48:16:48:20 | inner [read] [a] | qualifiers.cpp:48:23:48:23 | FieldAddress [read] | +| qualifiers.cpp:48:23:48:23 | FieldAddress [read] | qualifiers.cpp:48:23:48:23 | a | +| realistic.cpp:53:9:53:11 | foo [post update] [bar, baz, userInput, bufferLen] | realistic.cpp:61:21:61:23 | foo [read] [bar, baz, userInput, bufferLen] | +| realistic.cpp:53:9:53:18 | access to array [post update] [baz, userInput, bufferLen] | realistic.cpp:53:13:53:15 | bar [post update] [baz, userInput, bufferLen] | +| realistic.cpp:53:13:53:15 | bar [post update] [baz, userInput, bufferLen] | realistic.cpp:53:9:53:11 | foo [post update] [bar, baz, userInput, bufferLen] | +| realistic.cpp:53:20:53:22 | FieldAddress [post update] [userInput, bufferLen] | realistic.cpp:53:9:53:18 | access to array [post update] [baz, userInput, bufferLen] | +| realistic.cpp:53:20:53:22 | baz [post update] [userInput, bufferLen] | realistic.cpp:53:20:53:22 | FieldAddress [post update] [userInput, bufferLen] | +| realistic.cpp:53:25:53:33 | userInput [post update] [bufferLen] | realistic.cpp:53:20:53:22 | baz [post update] [userInput, bufferLen] | +| realistic.cpp:53:35:53:43 | bufferLen [post update] | realistic.cpp:53:25:53:33 | userInput [post update] [bufferLen] | +| realistic.cpp:53:47:53:66 | (size_t)... | realistic.cpp:53:35:53:43 | bufferLen [post update] | +| realistic.cpp:53:55:53:64 | call to user_input | realistic.cpp:53:35:53:43 | bufferLen [post update] | +| realistic.cpp:61:21:61:23 | foo [read] [bar, baz, userInput, bufferLen] | realistic.cpp:61:25:61:27 | bar [read] [baz, userInput, bufferLen] | +| realistic.cpp:61:21:61:30 | access to array [read] [baz, userInput, bufferLen] | realistic.cpp:61:32:61:34 | FieldAddress [read] [userInput, bufferLen] | +| realistic.cpp:61:25:61:27 | bar [read] [baz, userInput, bufferLen] | realistic.cpp:61:21:61:30 | access to array [read] [baz, userInput, bufferLen] | +| realistic.cpp:61:32:61:34 | FieldAddress [read] [userInput, bufferLen] | realistic.cpp:61:32:61:34 | baz [read] [userInput, bufferLen] | +| realistic.cpp:61:32:61:34 | baz [read] [userInput, bufferLen] | realistic.cpp:61:37:61:45 | userInput [read] [bufferLen] | +| realistic.cpp:61:37:61:45 | userInput [read] [bufferLen] | realistic.cpp:61:47:61:55 | FieldAddress [read] | +| realistic.cpp:61:47:61:55 | FieldAddress [read] | realistic.cpp:61:14:61:55 | (void *)... | +| simple.cpp:18:9:18:9 | this [a_] | simple.cpp:18:22:18:23 | this [read] [a_] | +| simple.cpp:18:22:18:23 | FieldAddress [read] | simple.cpp:18:9:18:9 | ReturnValue | +| simple.cpp:18:22:18:23 | this [read] [a_] | simple.cpp:18:22:18:23 | FieldAddress [read] | +| simple.cpp:19:9:19:9 | this [b_] | simple.cpp:19:22:19:23 | this [read] [b_] | +| simple.cpp:19:22:19:23 | FieldAddress [read] | simple.cpp:19:9:19:9 | ReturnValue | +| simple.cpp:19:22:19:23 | this [read] [b_] | simple.cpp:19:22:19:23 | FieldAddress [read] | +| simple.cpp:20:19:20:19 | a | simple.cpp:20:24:20:25 | a_ [post update] | +| simple.cpp:20:24:20:25 | a_ [post update] | simple.cpp:20:24:20:25 | this [post update] [a_] | +| simple.cpp:21:10:21:13 | *#this [a_] | simple.cpp:21:10:21:13 | ReturnIndirection [a_] | +| simple.cpp:21:19:21:19 | b | simple.cpp:21:24:21:25 | b_ [post update] | +| simple.cpp:21:24:21:25 | b_ [post update] | simple.cpp:21:24:21:25 | this [post update] [b_] | +| simple.cpp:26:15:26:15 | f [a_] | simple.cpp:28:12:28:12 | f [a_] | +| simple.cpp:26:15:26:15 | f [b_] | simple.cpp:29:12:29:12 | f [b_] | +| simple.cpp:28:12:28:12 | f [a_] | simple.cpp:18:9:18:9 | this [a_] | +| simple.cpp:28:12:28:12 | f [a_] | simple.cpp:28:12:28:12 | call to a | +| simple.cpp:29:12:29:12 | f [b_] | simple.cpp:19:9:19:9 | this [b_] | +| simple.cpp:29:12:29:12 | f [b_] | simple.cpp:29:12:29:12 | call to b | | simple.cpp:39:7:39:10 | call to user_input | simple.cpp:20:19:20:19 | a | -| simple.cpp:39:7:39:10 | call to user_input | simple.cpp:39:5:39:5 | setA output argument [a_] | +| simple.cpp:39:7:39:10 | call to user_input | simple.cpp:39:7:39:10 | f [post update] [a_] | +| simple.cpp:39:7:39:10 | f [post update] [a_] | simple.cpp:45:5:45:7 | f [a_] | | simple.cpp:39:12:39:21 | call to user_input | simple.cpp:39:7:39:10 | call to user_input | -| simple.cpp:40:5:40:5 | setB output argument [b_] | simple.cpp:48:9:48:9 | g indirection [b_] | | simple.cpp:40:7:40:10 | call to user_input | simple.cpp:21:19:21:19 | b | -| simple.cpp:40:7:40:10 | call to user_input | simple.cpp:40:5:40:5 | setB output argument [b_] | +| simple.cpp:40:7:40:10 | call to user_input | simple.cpp:40:7:40:10 | g [post update] [b_] | +| simple.cpp:40:7:40:10 | g [post update] [b_] | simple.cpp:48:5:48:7 | g [b_] | | simple.cpp:40:12:40:21 | call to user_input | simple.cpp:40:7:40:10 | call to user_input | -| simple.cpp:41:5:41:5 | setA output argument [a_] | simple.cpp:42:5:42:5 | h indirection [a_] | -| simple.cpp:41:5:41:5 | setA output argument [a_] | simple.cpp:51:9:51:9 | h indirection [a_] | | simple.cpp:41:7:41:10 | call to user_input | simple.cpp:20:19:20:19 | a | -| simple.cpp:41:7:41:10 | call to user_input | simple.cpp:41:5:41:5 | setA output argument [a_] | +| simple.cpp:41:7:41:10 | call to user_input | simple.cpp:41:7:41:10 | h [post update] [a_] | +| simple.cpp:41:7:41:10 | h [post update] [a_] | simple.cpp:42:5:42:5 | h indirection [a_] | +| simple.cpp:41:7:41:10 | h [post update] [a_] | simple.cpp:51:5:51:7 | h [a_] | | simple.cpp:41:12:41:21 | call to user_input | simple.cpp:41:7:41:10 | call to user_input | | simple.cpp:42:5:42:5 | h indirection [a_] | simple.cpp:21:10:21:13 | *#this [a_] | | simple.cpp:42:5:42:5 | h indirection [a_] | simple.cpp:42:5:42:5 | setB output argument [a_] | -| simple.cpp:42:5:42:5 | setB output argument [a_] | simple.cpp:51:9:51:9 | h indirection [a_] | -| simple.cpp:42:5:42:5 | setB output argument [b_] | simple.cpp:51:9:51:9 | h indirection [b_] | +| simple.cpp:42:5:42:5 | setB output argument [a_] | simple.cpp:51:5:51:7 | h [a_] | | simple.cpp:42:7:42:10 | call to user_input | simple.cpp:21:19:21:19 | b | -| simple.cpp:42:7:42:10 | call to user_input | simple.cpp:42:5:42:5 | setB output argument [b_] | +| simple.cpp:42:7:42:10 | call to user_input | simple.cpp:42:7:42:10 | h [post update] [b_] | +| simple.cpp:42:7:42:10 | h [post update] [b_] | simple.cpp:51:5:51:7 | h [b_] | | simple.cpp:42:12:42:21 | call to user_input | simple.cpp:42:7:42:10 | call to user_input | -| simple.cpp:45:9:45:9 | f indirection [a_] | simple.cpp:26:15:26:15 | *f [a_] | -| simple.cpp:48:9:48:9 | g indirection [b_] | simple.cpp:26:15:26:15 | *f [b_] | -| simple.cpp:51:9:51:9 | h indirection [a_] | simple.cpp:26:15:26:15 | *f [a_] | -| simple.cpp:51:9:51:9 | h indirection [b_] | simple.cpp:26:15:26:15 | *f [b_] | -| simple.cpp:65:5:65:22 | Store [i] | simple.cpp:66:12:66:12 | Store [i] | -| simple.cpp:65:11:65:20 | call to user_input | simple.cpp:65:5:65:22 | Store [i] | -| simple.cpp:66:12:66:12 | Store [i] | simple.cpp:67:13:67:13 | i | -| simple.cpp:78:9:78:15 | *#this [f1] | simple.cpp:79:19:79:20 | Store | -| simple.cpp:83:9:83:28 | Store [f1] | simple.cpp:84:14:84:20 | this indirection [f1] | -| simple.cpp:83:17:83:26 | call to user_input | simple.cpp:83:9:83:28 | Store [f1] | -| simple.cpp:84:14:84:20 | this indirection [f1] | simple.cpp:78:9:78:15 | *#this [f1] | -| simple.cpp:84:14:84:20 | this indirection [f1] | simple.cpp:84:14:84:20 | call to getf2f1 | -| simple.cpp:92:5:92:22 | Store [i] | simple.cpp:93:20:93:20 | Store [i] | -| simple.cpp:92:11:92:20 | call to user_input | simple.cpp:92:5:92:22 | Store [i] | -| simple.cpp:93:20:93:20 | Store [i] | simple.cpp:94:13:94:13 | i | -| struct_init.c:14:24:14:25 | *ab [a] | struct_init.c:15:12:15:12 | a | -| struct_init.c:20:20:20:29 | Chi [a] | struct_init.c:24:10:24:12 | & ... indirection [a] | -| struct_init.c:20:20:20:29 | call to user_input | struct_init.c:20:20:20:29 | Chi [a] | -| struct_init.c:20:20:20:29 | call to user_input | struct_init.c:22:11:22:11 | a | +| simple.cpp:45:5:45:7 | f [a_] | simple.cpp:26:15:26:15 | f [a_] | +| simple.cpp:48:5:48:7 | g [b_] | simple.cpp:26:15:26:15 | f [b_] | +| simple.cpp:51:5:51:7 | h [a_] | simple.cpp:26:15:26:15 | f [a_] | +| simple.cpp:51:5:51:7 | h [b_] | simple.cpp:26:15:26:15 | f [b_] | +| simple.cpp:65:5:65:5 | a [post update] [i] | simple.cpp:67:10:67:11 | a2 [read] [i] | +| simple.cpp:65:7:65:7 | i [post update] | simple.cpp:65:5:65:5 | a [post update] [i] | +| simple.cpp:65:11:65:20 | call to user_input | simple.cpp:65:7:65:7 | i [post update] | +| simple.cpp:67:10:67:11 | a2 [read] [i] | simple.cpp:67:13:67:13 | FieldAddress [read] | +| simple.cpp:67:13:67:13 | FieldAddress [read] | simple.cpp:67:13:67:13 | i | +| simple.cpp:78:9:78:15 | this [f2, f1] | simple.cpp:79:16:79:17 | this [read] [f2, f1] | +| simple.cpp:79:16:79:17 | f2 [read] [f1] | simple.cpp:79:19:79:20 | FieldAddress [read] | +| simple.cpp:79:16:79:17 | this [read] [f2, f1] | simple.cpp:79:16:79:17 | f2 [read] [f1] | +| simple.cpp:79:19:79:20 | FieldAddress [read] | simple.cpp:78:9:78:15 | ReturnValue | +| simple.cpp:83:9:83:10 | f2 [post update] [f1] | simple.cpp:83:9:83:10 | this [post update] [f2, f1] | +| simple.cpp:83:9:83:10 | this [post update] [f2, f1] | simple.cpp:84:14:84:20 | this [f2, f1] | +| simple.cpp:83:12:83:13 | f1 [post update] | simple.cpp:83:9:83:10 | f2 [post update] [f1] | +| simple.cpp:83:17:83:26 | call to user_input | simple.cpp:83:12:83:13 | f1 [post update] | +| simple.cpp:84:14:84:20 | this [f2, f1] | simple.cpp:78:9:78:15 | this [f2, f1] | +| simple.cpp:84:14:84:20 | this [f2, f1] | simple.cpp:84:14:84:20 | call to getf2f1 | +| simple.cpp:92:5:92:5 | a [post update] [i] | simple.cpp:94:10:94:11 | a2 [read] [i] | +| simple.cpp:92:7:92:7 | i [post update] | simple.cpp:92:5:92:5 | a [post update] [i] | +| simple.cpp:92:11:92:20 | call to user_input | simple.cpp:92:7:92:7 | i [post update] | +| simple.cpp:94:10:94:11 | a2 [read] [i] | simple.cpp:94:13:94:13 | FieldAddress [read] | +| simple.cpp:94:13:94:13 | FieldAddress [read] | simple.cpp:94:13:94:13 | i | +| struct_init.c:14:24:14:25 | *ab [a] | struct_init.c:15:8:15:9 | ab [read] [a] | +| struct_init.c:14:24:14:25 | ab [a] | struct_init.c:15:8:15:9 | ab [read] [a] | +| struct_init.c:15:8:15:9 | ab [read] [a] | struct_init.c:15:12:15:12 | FieldAddress [read] | +| struct_init.c:15:12:15:12 | FieldAddress [read] | struct_init.c:15:12:15:12 | a | +| struct_init.c:20:13:20:14 | VariableAddress [post update] [a] | struct_init.c:22:8:22:9 | ab [read] [a] | +| struct_init.c:20:13:20:14 | VariableAddress [post update] [a] | struct_init.c:24:10:24:12 | & ... indirection [a] | +| struct_init.c:20:17:20:36 | FieldAddress [post update] | struct_init.c:20:13:20:14 | VariableAddress [post update] [a] | +| struct_init.c:20:20:20:29 | call to user_input | struct_init.c:20:17:20:36 | FieldAddress [post update] | +| struct_init.c:22:8:22:9 | ab [read] [a] | struct_init.c:22:11:22:11 | FieldAddress [read] | +| struct_init.c:22:11:22:11 | FieldAddress [read] | struct_init.c:22:11:22:11 | a | | struct_init.c:24:10:24:12 | & ... indirection [a] | struct_init.c:14:24:14:25 | *ab [a] | -| struct_init.c:27:7:27:16 | Chi [a] | struct_init.c:36:10:36:24 | & ... indirection [a] | -| struct_init.c:27:7:27:16 | call to user_input | struct_init.c:27:7:27:16 | Chi [a] | -| struct_init.c:27:7:27:16 | call to user_input | struct_init.c:31:23:31:23 | a | -| struct_init.c:36:10:36:24 | & ... indirection [a] | struct_init.c:14:24:14:25 | *ab [a] | +| struct_init.c:26:16:26:20 | VariableAddress [post update] [nestedAB, a] | struct_init.c:31:8:31:12 | outer [read] [nestedAB, a] | +| struct_init.c:26:16:26:20 | VariableAddress [post update] [nestedAB, a] | struct_init.c:36:11:36:15 | outer [read] [nestedAB, a] | +| struct_init.c:26:23:29:3 | FieldAddress [post update] [a] | struct_init.c:26:16:26:20 | VariableAddress [post update] [nestedAB, a] | +| struct_init.c:27:5:27:23 | FieldAddress [post update] | struct_init.c:26:23:29:3 | FieldAddress [post update] [a] | +| struct_init.c:27:7:27:16 | call to user_input | struct_init.c:27:5:27:23 | FieldAddress [post update] | +| struct_init.c:31:8:31:12 | outer [read] [nestedAB, a] | struct_init.c:31:14:31:21 | nestedAB [read] [a] | +| struct_init.c:31:14:31:21 | nestedAB [read] [a] | struct_init.c:31:23:31:23 | FieldAddress [read] | +| struct_init.c:31:23:31:23 | FieldAddress [read] | struct_init.c:31:23:31:23 | a | +| struct_init.c:36:3:36:8 | & ... [a] | struct_init.c:14:24:14:25 | ab [a] | +| struct_init.c:36:11:36:15 | outer [read] [nestedAB, a] | struct_init.c:36:17:36:24 | nestedAB [read] [a] | +| struct_init.c:36:17:36:24 | nestedAB [read] [a] | struct_init.c:36:3:36:8 | & ... [a] | nodes | A.cpp:23:10:23:10 | c | semmle.label | c | -| A.cpp:25:7:25:17 | Chi [c] | semmle.label | Chi [c] | +| A.cpp:25:7:25:10 | this [post update] [c] | semmle.label | this [post update] [c] | +| A.cpp:25:13:25:13 | c [post update] | semmle.label | c [post update] | | A.cpp:27:17:27:17 | c | semmle.label | c | -| A.cpp:27:22:27:32 | Chi [c] | semmle.label | Chi [c] | -| A.cpp:28:8:28:10 | *#this [c] | semmle.label | *#this [c] | -| A.cpp:28:29:28:29 | Store | semmle.label | Store | -| A.cpp:55:5:55:5 | set output argument [c] | semmle.label | set output argument [c] | +| A.cpp:27:22:27:25 | this [post update] [c] | semmle.label | this [post update] [c] | +| A.cpp:27:28:27:28 | c [post update] | semmle.label | c [post update] | +| A.cpp:28:8:28:10 | ReturnValue | semmle.label | ReturnValue | +| A.cpp:28:8:28:10 | this [c] | semmle.label | this [c] | +| A.cpp:28:23:28:26 | this [read] [c] | semmle.label | this [read] [c] | +| A.cpp:28:29:28:29 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| A.cpp:29:15:29:18 | ReturnValue [c] | semmle.label | ReturnValue [c] | +| A.cpp:29:23:29:23 | c | semmle.label | c | +| A.cpp:31:14:31:21 | c | semmle.label | c | +| A.cpp:31:14:31:21 | new [post update] [c] | semmle.label | new [post update] [c] | +| A.cpp:47:12:47:18 | new | semmle.label | new | +| A.cpp:48:12:48:18 | c | semmle.label | c | +| A.cpp:48:12:48:18 | call to make [c] | semmle.label | call to make [c] | +| A.cpp:49:10:49:10 | b [read] [c] | semmle.label | b [read] [c] | +| A.cpp:49:10:49:13 | (void *)... | semmle.label | (void *)... | +| A.cpp:49:13:49:13 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| A.cpp:55:8:55:10 | b [post update] [c] | semmle.label | b [post update] [c] | | A.cpp:55:8:55:10 | new | semmle.label | new | | A.cpp:55:12:55:19 | (C *)... | semmle.label | (C *)... | | A.cpp:55:12:55:19 | new | semmle.label | new | -| A.cpp:56:10:56:10 | b indirection [c] | semmle.label | b indirection [c] | +| A.cpp:56:10:56:17 | (void *)... | semmle.label | (void *)... | +| A.cpp:56:13:56:15 | b [c] | semmle.label | b [c] | | A.cpp:56:13:56:15 | call to get | semmle.label | call to get | -| A.cpp:57:10:57:25 | new indirection [c] | semmle.label | new indirection [c] | -| A.cpp:57:11:57:24 | B output argument [c] | semmle.label | B output argument [c] | +| A.cpp:56:13:56:15 | call to get | semmle.label | call to get | +| A.cpp:57:10:57:32 | (void *)... | semmle.label | (void *)... | | A.cpp:57:11:57:24 | new | semmle.label | new | +| A.cpp:57:11:57:24 | new [post update] [c] | semmle.label | new [post update] [c] | | A.cpp:57:17:57:23 | new | semmle.label | new | | A.cpp:57:28:57:30 | call to get | semmle.label | call to get | +| A.cpp:57:28:57:30 | call to get | semmle.label | call to get | +| A.cpp:57:28:57:30 | new [c] | semmle.label | new [c] | +| A.cpp:64:10:64:15 | call to setOnB [c] | semmle.label | call to setOnB [c] | +| A.cpp:64:10:64:15 | new | semmle.label | new | +| A.cpp:64:21:64:28 | (C *)... | semmle.label | (C *)... | +| A.cpp:64:21:64:28 | new | semmle.label | new | +| A.cpp:66:10:66:11 | b2 [read] [c] | semmle.label | b2 [read] [c] | +| A.cpp:66:10:66:14 | (void *)... | semmle.label | (void *)... | +| A.cpp:66:14:66:14 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| A.cpp:73:10:73:19 | call to setOnBWrap [c] | semmle.label | call to setOnBWrap [c] | +| A.cpp:73:10:73:19 | new | semmle.label | new | +| A.cpp:73:25:73:32 | (C *)... | semmle.label | (C *)... | +| A.cpp:73:25:73:32 | new | semmle.label | new | +| A.cpp:75:10:75:11 | b2 [read] [c] | semmle.label | b2 [read] [c] | +| A.cpp:75:10:75:14 | (void *)... | semmle.label | (void *)... | +| A.cpp:75:14:75:14 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| A.cpp:78:6:78:15 | ReturnValue [c] | semmle.label | ReturnValue [c] | +| A.cpp:78:27:78:27 | c | semmle.label | c | +| A.cpp:81:10:81:15 | c | semmle.label | c | +| A.cpp:81:10:81:15 | call to setOnB [c] | semmle.label | call to setOnB [c] | +| A.cpp:85:9:85:14 | ReturnValue [c] | semmle.label | ReturnValue [c] | +| A.cpp:85:26:85:26 | c | semmle.label | c | +| A.cpp:90:11:90:13 | b2 [post update] [c] | semmle.label | b2 [post update] [c] | +| A.cpp:90:11:90:13 | c | semmle.label | c | | A.cpp:98:12:98:18 | new | semmle.label | new | -| A.cpp:100:5:100:13 | Chi [a] | semmle.label | Chi [a] | -| A.cpp:101:8:101:9 | c1 indirection [a] | semmle.label | c1 indirection [a] | -| A.cpp:103:14:103:14 | *c [a] | semmle.label | *c [a] | -| A.cpp:107:16:107:16 | a | semmle.label | a | -| A.cpp:126:5:126:5 | Chi [c] | semmle.label | Chi [c] | -| A.cpp:126:5:126:5 | set output argument [c] | semmle.label | set output argument [c] | +| A.cpp:100:5:100:6 | c1 [post update] [a] | semmle.label | c1 [post update] [a] | +| A.cpp:100:9:100:9 | a [post update] | semmle.label | a [post update] | +| A.cpp:101:5:101:6 | c1 [a] | semmle.label | c1 [a] | +| A.cpp:103:14:103:14 | c [a] | semmle.label | c [a] | +| A.cpp:107:12:107:13 | c1 [read] [a] | semmle.label | c1 [read] [a] | +| A.cpp:107:12:107:16 | (void *)... | semmle.label | (void *)... | +| A.cpp:107:16:107:16 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| A.cpp:120:12:120:13 | c1 [read] [a] | semmle.label | c1 [read] [a] | +| A.cpp:120:12:120:16 | (void *)... | semmle.label | (void *)... | +| A.cpp:120:16:120:16 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| A.cpp:126:5:126:5 | b [post update] [c] | semmle.label | b [post update] [c] | +| A.cpp:126:8:126:10 | b [post update] [c] | semmle.label | b [post update] [c] | | A.cpp:126:8:126:10 | new | semmle.label | new | | A.cpp:126:12:126:18 | new | semmle.label | new | -| A.cpp:131:8:131:8 | Chi [c] | semmle.label | Chi [c] | -| A.cpp:131:8:131:8 | f7 output argument [c] | semmle.label | f7 output argument [c] | -| A.cpp:132:13:132:13 | c | semmle.label | c | +| A.cpp:131:5:131:6 | b [post update] [c] | semmle.label | b [post update] [c] | +| A.cpp:132:10:132:10 | b [read] [c] | semmle.label | b [read] [c] | +| A.cpp:132:10:132:13 | (void *)... | semmle.label | (void *)... | +| A.cpp:132:13:132:13 | FieldAddress [read] | semmle.label | FieldAddress [read] | | A.cpp:140:13:140:13 | b | semmle.label | b | -| A.cpp:142:7:142:20 | Chi [c] | semmle.label | Chi [c] | +| A.cpp:142:7:142:7 | b [post update] [c] | semmle.label | b [post update] [c] | +| A.cpp:142:10:142:10 | c [post update] | semmle.label | c [post update] | | A.cpp:142:14:142:20 | new | semmle.label | new | -| A.cpp:143:7:143:31 | Chi [b] | semmle.label | Chi [b] | -| A.cpp:143:7:143:31 | Chi [b] | semmle.label | Chi [b] | +| A.cpp:143:7:143:10 | this [post update] [b, c] | semmle.label | this [post update] [b, c] | +| A.cpp:143:7:143:10 | this [post update] [b] | semmle.label | this [post update] [b] | +| A.cpp:143:7:143:10 | this [post update] [b] | semmle.label | this [post update] [b] | +| A.cpp:143:13:143:13 | b [post update] | semmle.label | b [post update] | +| A.cpp:143:13:143:13 | b [post update] | semmle.label | b [post update] | +| A.cpp:143:13:143:13 | b [post update] [c] | semmle.label | b [post update] [c] | | A.cpp:143:25:143:31 | new | semmle.label | new | | A.cpp:150:12:150:18 | new | semmle.label | new | -| A.cpp:151:12:151:24 | Chi [b] | semmle.label | Chi [b] | -| A.cpp:151:12:151:24 | D output argument [b] | semmle.label | D output argument [b] | | A.cpp:151:12:151:24 | b | semmle.label | b | -| A.cpp:151:18:151:18 | Chi [c] | semmle.label | Chi [c] | -| A.cpp:151:18:151:18 | D output argument [c] | semmle.label | D output argument [c] | -| A.cpp:152:13:152:13 | b | semmle.label | b | -| A.cpp:154:13:154:13 | c | semmle.label | c | -| C.cpp:18:12:18:18 | C output argument [s1] | semmle.label | C output argument [s1] | -| C.cpp:18:12:18:18 | C output argument [s3] | semmle.label | C output argument [s3] | -| C.cpp:19:5:19:5 | c indirection [s1] | semmle.label | c indirection [s1] | -| C.cpp:19:5:19:5 | c indirection [s3] | semmle.label | c indirection [s3] | -| C.cpp:22:12:22:21 | Chi [s1] | semmle.label | Chi [s1] | +| A.cpp:151:12:151:24 | b [post update] [c] | semmle.label | b [post update] [c] | +| A.cpp:151:12:151:24 | new [post update] [b, c] | semmle.label | new [post update] [b, c] | +| A.cpp:151:12:151:24 | new [post update] [b] | semmle.label | new [post update] [b] | +| A.cpp:152:10:152:10 | d [read] [b] | semmle.label | d [read] [b] | +| A.cpp:152:10:152:13 | (void *)... | semmle.label | (void *)... | +| A.cpp:152:13:152:13 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| A.cpp:153:10:153:10 | d [read] [b, c] | semmle.label | d [read] [b, c] | +| A.cpp:153:10:153:16 | (void *)... | semmle.label | (void *)... | +| A.cpp:153:13:153:13 | FieldAddress [read] [c] | semmle.label | FieldAddress [read] [c] | +| A.cpp:153:13:153:13 | b [read] [c] | semmle.label | b [read] [c] | +| A.cpp:153:16:153:16 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| A.cpp:154:10:154:10 | b [read] [c] | semmle.label | b [read] [c] | +| A.cpp:154:10:154:13 | (void *)... | semmle.label | (void *)... | +| A.cpp:154:13:154:13 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| A.cpp:159:12:159:18 | new | semmle.label | new | +| A.cpp:160:18:160:60 | b | semmle.label | b | +| A.cpp:160:18:160:60 | new [post update] [head] | semmle.label | new [post update] [head] | +| A.cpp:161:18:161:40 | l1 [head] | semmle.label | l1 [head] | +| A.cpp:161:18:161:40 | new [post update] [next, head] | semmle.label | new [post update] [next, head] | +| A.cpp:162:18:162:40 | l2 [next, head] | semmle.label | l2 [next, head] | +| A.cpp:162:18:162:40 | new [post update] [next, next, head] | semmle.label | new [post update] [next, next, head] | +| A.cpp:165:10:165:11 | l3 [read] [next, next, head] | semmle.label | l3 [read] [next, next, head] | +| A.cpp:165:10:165:29 | (void *)... | semmle.label | (void *)... | +| A.cpp:165:14:165:17 | FieldAddress [read] [next, head] | semmle.label | FieldAddress [read] [next, head] | +| A.cpp:165:14:165:17 | next [read] [next, head] | semmle.label | next [read] [next, head] | +| A.cpp:165:20:165:23 | FieldAddress [read] [head] | semmle.label | FieldAddress [read] [head] | +| A.cpp:165:20:165:23 | next [read] [head] | semmle.label | next [read] [head] | +| A.cpp:165:26:165:29 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| A.cpp:167:44:167:44 | l [read] [next, head] | semmle.label | l [read] [next, head] | +| A.cpp:167:44:167:44 | l [read] [next, next, head] | semmle.label | l [read] [next, next, head] | +| A.cpp:167:47:167:50 | FieldAddress [read] [head] | semmle.label | FieldAddress [read] [head] | +| A.cpp:167:47:167:50 | FieldAddress [read] [next, head] | semmle.label | FieldAddress [read] [next, head] | +| A.cpp:169:12:169:12 | l [read] [head] | semmle.label | l [read] [head] | +| A.cpp:169:12:169:18 | (void *)... | semmle.label | (void *)... | +| A.cpp:169:15:169:18 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| A.cpp:181:15:181:21 | newHead | semmle.label | newHead | +| A.cpp:181:32:181:35 | next [head] | semmle.label | next [head] | +| A.cpp:181:32:181:35 | next [next, head] | semmle.label | next [next, head] | +| A.cpp:183:7:183:10 | head [post update] | semmle.label | head [post update] | +| A.cpp:183:7:183:10 | this [post update] [head] | semmle.label | this [post update] [head] | +| A.cpp:184:7:184:10 | this [post update] [next, head] | semmle.label | this [post update] [next, head] | +| A.cpp:184:7:184:10 | this [post update] [next, next, head] | semmle.label | this [post update] [next, next, head] | +| A.cpp:184:13:184:16 | next [post update] [head] | semmle.label | next [post update] [head] | +| A.cpp:184:13:184:16 | next [post update] [next, head] | semmle.label | next [post update] [next, head] | +| B.cpp:6:15:6:24 | new | semmle.label | new | +| B.cpp:7:16:7:35 | e | semmle.label | e | +| B.cpp:7:16:7:35 | new [post update] [elem1] | semmle.label | new [post update] [elem1] | +| B.cpp:8:16:8:27 | b1 [elem1] | semmle.label | b1 [elem1] | +| B.cpp:8:16:8:27 | new [post update] [box1, elem1] | semmle.label | new [post update] [box1, elem1] | +| B.cpp:9:10:9:11 | b2 [read] [box1, elem1] | semmle.label | b2 [read] [box1, elem1] | +| B.cpp:9:10:9:24 | (void *)... | semmle.label | (void *)... | +| B.cpp:9:14:9:17 | FieldAddress [read] [elem1] | semmle.label | FieldAddress [read] [elem1] | +| B.cpp:9:14:9:17 | box1 [read] [elem1] | semmle.label | box1 [read] [elem1] | +| B.cpp:9:20:9:24 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| B.cpp:15:15:15:27 | new | semmle.label | new | +| B.cpp:16:16:16:38 | e | semmle.label | e | +| B.cpp:16:16:16:38 | new [post update] [elem2] | semmle.label | new [post update] [elem2] | +| B.cpp:17:16:17:27 | b1 [elem2] | semmle.label | b1 [elem2] | +| B.cpp:17:16:17:27 | new [post update] [box1, elem2] | semmle.label | new [post update] [box1, elem2] | +| B.cpp:19:10:19:11 | b2 [read] [box1, elem2] | semmle.label | b2 [read] [box1, elem2] | +| B.cpp:19:10:19:24 | (void *)... | semmle.label | (void *)... | +| B.cpp:19:14:19:17 | FieldAddress [read] [elem2] | semmle.label | FieldAddress [read] [elem2] | +| B.cpp:19:14:19:17 | box1 [read] [elem2] | semmle.label | box1 [read] [elem2] | +| B.cpp:19:20:19:24 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| B.cpp:33:16:33:17 | e1 | semmle.label | e1 | +| B.cpp:33:26:33:27 | e2 | semmle.label | e2 | +| B.cpp:35:7:35:10 | this [post update] [elem1] | semmle.label | this [post update] [elem1] | +| B.cpp:35:13:35:17 | elem1 [post update] | semmle.label | elem1 [post update] | +| B.cpp:36:7:36:10 | this [post update] [elem2] | semmle.label | this [post update] [elem2] | +| B.cpp:36:13:36:17 | elem2 [post update] | semmle.label | elem2 [post update] | +| B.cpp:44:16:44:17 | b1 [elem1] | semmle.label | b1 [elem1] | +| B.cpp:44:16:44:17 | b1 [elem2] | semmle.label | b1 [elem2] | +| B.cpp:46:7:46:10 | this [post update] [box1, elem1] | semmle.label | this [post update] [box1, elem1] | +| B.cpp:46:7:46:10 | this [post update] [box1, elem2] | semmle.label | this [post update] [box1, elem2] | +| B.cpp:46:13:46:16 | box1 [post update] [elem1] | semmle.label | box1 [post update] [elem1] | +| B.cpp:46:13:46:16 | box1 [post update] [elem2] | semmle.label | box1 [post update] [elem2] | +| C.cpp:18:12:18:18 | new [post update] [s1] | semmle.label | new [post update] [s1] | +| C.cpp:19:8:19:11 | c [s1] | semmle.label | c [s1] | +| C.cpp:22:3:22:3 | this [post update] [s1] | semmle.label | this [post update] [s1] | +| C.cpp:22:9:22:22 | FieldAddress [post update] | semmle.label | FieldAddress [post update] | | C.cpp:22:12:22:21 | new | semmle.label | new | -| C.cpp:24:5:24:25 | Chi [s1] | semmle.label | Chi [s1] | -| C.cpp:24:5:24:25 | Chi [s3] | semmle.label | Chi [s3] | -| C.cpp:24:16:24:25 | new | semmle.label | new | -| C.cpp:27:8:27:11 | *#this [s1] | semmle.label | *#this [s1] | -| C.cpp:27:8:27:11 | *#this [s3] | semmle.label | *#this [s3] | +| C.cpp:27:8:27:11 | this [s1] | semmle.label | this [s1] | +| C.cpp:29:10:29:11 | FieldAddress [read] | semmle.label | FieldAddress [read] | | C.cpp:29:10:29:11 | s1 | semmle.label | s1 | -| C.cpp:31:10:31:11 | s3 | semmle.label | s3 | -| aliasing.cpp:9:3:9:22 | Chi [m1] | semmle.label | Chi [m1] | +| C.cpp:29:10:29:11 | this [read] [s1] | semmle.label | this [read] [s1] | +| D.cpp:10:11:10:17 | ReturnValue | semmle.label | ReturnValue | +| D.cpp:10:11:10:17 | this [elem] | semmle.label | this [elem] | +| D.cpp:10:30:10:33 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| D.cpp:10:30:10:33 | this [read] [elem] | semmle.label | this [read] [elem] | +| D.cpp:11:24:11:24 | e | semmle.label | e | +| D.cpp:11:29:11:32 | elem [post update] | semmle.label | elem [post update] | +| D.cpp:11:29:11:32 | this [post update] [elem] | semmle.label | this [post update] [elem] | +| D.cpp:17:11:17:17 | ReturnValue [elem] | semmle.label | ReturnValue [elem] | +| D.cpp:17:11:17:17 | this [box, elem] | semmle.label | this [box, elem] | +| D.cpp:17:30:17:32 | FieldAddress [read] [elem] | semmle.label | FieldAddress [read] [elem] | +| D.cpp:17:30:17:32 | this [read] [box, elem] | semmle.label | this [read] [box, elem] | +| D.cpp:21:30:21:31 | b2 [box, elem] | semmle.label | b2 [box, elem] | +| D.cpp:22:10:22:33 | (void *)... | semmle.label | (void *)... | +| D.cpp:22:14:22:20 | b2 [box, elem] | semmle.label | b2 [box, elem] | +| D.cpp:22:14:22:20 | call to getBox1 [elem] | semmle.label | call to getBox1 [elem] | +| D.cpp:22:25:22:31 | call to getBox1 [elem] | semmle.label | call to getBox1 [elem] | +| D.cpp:22:25:22:31 | call to getElem | semmle.label | call to getElem | +| D.cpp:22:25:22:31 | call to getElem | semmle.label | call to getElem | +| D.cpp:28:15:28:24 | new | semmle.label | new | +| D.cpp:30:5:30:5 | b [post update] [box, elem] | semmle.label | b [post update] [box, elem] | +| D.cpp:30:8:30:10 | FieldAddress [post update] [elem] | semmle.label | FieldAddress [post update] [elem] | +| D.cpp:30:8:30:10 | box [post update] [elem] | semmle.label | box [post update] [elem] | +| D.cpp:30:13:30:16 | elem [post update] | semmle.label | elem [post update] | +| D.cpp:31:5:31:12 | b [box, elem] | semmle.label | b [box, elem] | +| D.cpp:35:15:35:24 | new | semmle.label | new | +| D.cpp:37:5:37:5 | b [post update] [box, elem] | semmle.label | b [post update] [box, elem] | +| D.cpp:37:8:37:10 | FieldAddress [post update] [elem] | semmle.label | FieldAddress [post update] [elem] | +| D.cpp:37:13:37:19 | box [post update] [elem] | semmle.label | box [post update] [elem] | +| D.cpp:37:13:37:19 | e | semmle.label | e | +| D.cpp:38:5:38:12 | b [box, elem] | semmle.label | b [box, elem] | +| D.cpp:42:15:42:24 | new | semmle.label | new | +| D.cpp:44:8:44:14 | b [post update] [box, elem] | semmle.label | b [post update] [box, elem] | +| D.cpp:44:8:44:14 | call to getBox1 [post update] [elem] | semmle.label | call to getBox1 [post update] [elem] | +| D.cpp:44:19:44:22 | elem [post update] | semmle.label | elem [post update] | +| D.cpp:45:5:45:12 | b [box, elem] | semmle.label | b [box, elem] | +| D.cpp:49:15:49:24 | new | semmle.label | new | +| D.cpp:51:8:51:14 | b [post update] [box, elem] | semmle.label | b [post update] [box, elem] | +| D.cpp:51:8:51:14 | call to getBox1 [post update] [elem] | semmle.label | call to getBox1 [post update] [elem] | +| D.cpp:51:19:51:25 | call to getBox1 [post update] [elem] | semmle.label | call to getBox1 [post update] [elem] | +| D.cpp:51:19:51:25 | e | semmle.label | e | +| D.cpp:52:5:52:12 | b [box, elem] | semmle.label | b [box, elem] | +| D.cpp:56:15:56:24 | new | semmle.label | new | +| D.cpp:58:5:58:12 | FieldAddress [post update] [box, elem] | semmle.label | FieldAddress [post update] [box, elem] | +| D.cpp:58:5:58:12 | boxfield [post update] [box, elem] | semmle.label | boxfield [post update] [box, elem] | +| D.cpp:58:5:58:12 | this [post update] [boxfield, box, elem] | semmle.label | this [post update] [boxfield, box, elem] | +| D.cpp:58:15:58:17 | FieldAddress [post update] [elem] | semmle.label | FieldAddress [post update] [elem] | +| D.cpp:58:15:58:17 | box [post update] [elem] | semmle.label | box [post update] [elem] | +| D.cpp:58:20:58:23 | elem [post update] | semmle.label | elem [post update] | +| D.cpp:59:5:59:7 | this [boxfield, box, elem] | semmle.label | this [boxfield, box, elem] | +| D.cpp:63:8:63:10 | this [boxfield, box, elem] | semmle.label | this [boxfield, box, elem] | +| D.cpp:64:10:64:17 | FieldAddress [read] [box, elem] | semmle.label | FieldAddress [read] [box, elem] | +| D.cpp:64:10:64:17 | boxfield [read] [box, elem] | semmle.label | boxfield [read] [box, elem] | +| D.cpp:64:10:64:17 | this [read] [boxfield, box, elem] | semmle.label | this [read] [boxfield, box, elem] | +| D.cpp:64:10:64:28 | (void *)... | semmle.label | (void *)... | +| D.cpp:64:20:64:22 | FieldAddress [read] [elem] | semmle.label | FieldAddress [read] [elem] | +| D.cpp:64:20:64:22 | box [read] [elem] | semmle.label | box [read] [elem] | +| D.cpp:64:25:64:28 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| E.cpp:19:27:19:27 | *p [data, buffer] | semmle.label | *p [data, buffer] | +| E.cpp:21:10:21:10 | p [read] [data, buffer] | semmle.label | p [read] [data, buffer] | +| E.cpp:21:13:21:16 | data [read] [buffer] | semmle.label | data [read] [buffer] | +| E.cpp:21:18:21:23 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| E.cpp:21:18:21:23 | buffer | semmle.label | buffer | +| E.cpp:28:21:28:23 | argument_source output argument | semmle.label | argument_source output argument | +| E.cpp:29:21:29:21 | b [post update] [buffer] | semmle.label | b [post update] [buffer] | +| E.cpp:29:21:29:29 | argument_source output argument | semmle.label | argument_source output argument | +| E.cpp:29:24:29:29 | FieldAddress [post update] | semmle.label | FieldAddress [post update] | +| E.cpp:30:21:30:21 | p [post update] [data, buffer] | semmle.label | p [post update] [data, buffer] | +| E.cpp:30:21:30:33 | argument_source output argument | semmle.label | argument_source output argument | +| E.cpp:30:23:30:26 | data [post update] [buffer] | semmle.label | data [post update] [buffer] | +| E.cpp:30:28:30:33 | FieldAddress [post update] | semmle.label | FieldAddress [post update] | +| E.cpp:31:10:31:12 | raw | semmle.label | raw | +| E.cpp:32:10:32:10 | b [read] [buffer] | semmle.label | b [read] [buffer] | +| E.cpp:32:13:32:18 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| E.cpp:32:13:32:18 | buffer | semmle.label | buffer | +| E.cpp:33:18:33:19 | & ... indirection [data, buffer] | semmle.label | & ... indirection [data, buffer] | +| aliasing.cpp:9:3:9:3 | s [post update] [m1] | semmle.label | s [post update] [m1] | +| aliasing.cpp:9:6:9:7 | m1 [post update] | semmle.label | m1 [post update] | | aliasing.cpp:9:11:9:20 | call to user_input | semmle.label | call to user_input | -| aliasing.cpp:13:3:13:21 | Chi [m1] | semmle.label | Chi [m1] | +| aliasing.cpp:13:3:13:3 | (reference dereference) [post update] [m1] | semmle.label | (reference dereference) [post update] [m1] | +| aliasing.cpp:13:3:13:3 | s [post update] [m1] | semmle.label | s [post update] [m1] | +| aliasing.cpp:13:5:13:6 | m1 [post update] | semmle.label | m1 [post update] | | aliasing.cpp:13:10:13:19 | call to user_input | semmle.label | call to user_input | -| aliasing.cpp:25:17:25:19 | Chi [m1] | semmle.label | Chi [m1] | -| aliasing.cpp:25:17:25:19 | pointerSetter output argument [m1] | semmle.label | pointerSetter output argument [m1] | -| aliasing.cpp:26:19:26:20 | Chi [m1] | semmle.label | Chi [m1] | -| aliasing.cpp:26:19:26:20 | referenceSetter output argument [m1] | semmle.label | referenceSetter output argument [m1] | +| aliasing.cpp:25:3:25:15 | & ... [post update] [m1] | semmle.label | & ... [post update] [m1] | +| aliasing.cpp:26:3:26:17 | s2 [post update] [m1] | semmle.label | s2 [post update] [m1] | +| aliasing.cpp:29:8:29:9 | s1 [read] [m1] | semmle.label | s1 [read] [m1] | +| aliasing.cpp:29:11:29:12 | FieldAddress [read] | semmle.label | FieldAddress [read] | | aliasing.cpp:29:11:29:12 | m1 | semmle.label | m1 | +| aliasing.cpp:30:8:30:9 | s2 [read] [m1] | semmle.label | s2 [read] [m1] | +| aliasing.cpp:30:11:30:12 | FieldAddress [read] | semmle.label | FieldAddress [read] | | aliasing.cpp:30:11:30:12 | m1 | semmle.label | m1 | -| aliasing.cpp:37:13:37:22 | call to user_input | semmle.label | call to user_input | -| aliasing.cpp:38:11:38:12 | m1 | semmle.label | m1 | -| aliasing.cpp:42:11:42:20 | call to user_input | semmle.label | call to user_input | -| aliasing.cpp:43:13:43:14 | m1 | semmle.label | m1 | -| aliasing.cpp:60:3:60:22 | Chi [m1] | semmle.label | Chi [m1] | +| aliasing.cpp:60:3:60:4 | s2 [post update] [m1] | semmle.label | s2 [post update] [m1] | +| aliasing.cpp:60:6:60:7 | m1 [post update] | semmle.label | m1 [post update] | | aliasing.cpp:60:11:60:20 | call to user_input | semmle.label | call to user_input | -| aliasing.cpp:61:13:61:14 | Store [m1] | semmle.label | Store [m1] | +| aliasing.cpp:62:8:62:12 | copy2 [read] [m1] | semmle.label | copy2 [read] [m1] | +| aliasing.cpp:62:14:62:15 | FieldAddress [read] | semmle.label | FieldAddress [read] | | aliasing.cpp:62:14:62:15 | m1 | semmle.label | m1 | -| aliasing.cpp:79:11:79:20 | call to user_input | semmle.label | call to user_input | -| aliasing.cpp:80:12:80:13 | m1 | semmle.label | m1 | -| aliasing.cpp:86:10:86:19 | call to user_input | semmle.label | call to user_input | -| aliasing.cpp:87:12:87:13 | m1 | semmle.label | m1 | +| aliasing.cpp:92:3:92:3 | w [post update] [s, m1] | semmle.label | w [post update] [s, m1] | +| aliasing.cpp:92:5:92:5 | s [post update] [m1] | semmle.label | s [post update] [m1] | +| aliasing.cpp:92:7:92:8 | m1 [post update] | semmle.label | m1 [post update] | | aliasing.cpp:92:12:92:21 | call to user_input | semmle.label | call to user_input | +| aliasing.cpp:93:8:93:8 | w [read] [s, m1] | semmle.label | w [read] [s, m1] | +| aliasing.cpp:93:10:93:10 | s [read] [m1] | semmle.label | s [read] [m1] | +| aliasing.cpp:93:12:93:13 | FieldAddress [read] | semmle.label | FieldAddress [read] | | aliasing.cpp:93:12:93:13 | m1 | semmle.label | m1 | -| aliasing.cpp:98:3:98:21 | Chi [m1] | semmle.label | Chi [m1] | -| aliasing.cpp:98:10:98:19 | call to user_input | semmle.label | call to user_input | -| aliasing.cpp:100:14:100:14 | Store [m1] | semmle.label | Store [m1] | -| aliasing.cpp:102:8:102:10 | * ... | semmle.label | * ... | -| aliasing.cpp:106:3:106:20 | Chi [[]] | semmle.label | Chi [[]] | +| aliasing.cpp:106:3:106:5 | * ... [post update] | semmle.label | * ... [post update] | +| aliasing.cpp:106:4:106:5 | pa [post update] | semmle.label | pa [post update] | | aliasing.cpp:106:9:106:18 | call to user_input | semmle.label | call to user_input | -| aliasing.cpp:121:15:121:16 | Chi [[]] | semmle.label | Chi [[]] | -| aliasing.cpp:121:15:121:16 | taint_a_ptr output argument [[]] | semmle.label | taint_a_ptr output argument [[]] | -| aliasing.cpp:122:8:122:12 | access to array | semmle.label | access to array | -| aliasing.cpp:131:15:131:16 | Chi [[]] | semmle.label | Chi [[]] | -| aliasing.cpp:131:15:131:16 | taint_a_ptr output argument [[]] | semmle.label | taint_a_ptr output argument [[]] | -| aliasing.cpp:132:8:132:14 | * ... | semmle.label | * ... | -| aliasing.cpp:136:15:136:17 | Chi [[]] | semmle.label | Chi [[]] | -| aliasing.cpp:136:15:136:17 | taint_a_ptr output argument [[]] | semmle.label | taint_a_ptr output argument [[]] | -| aliasing.cpp:137:8:137:11 | * ... | semmle.label | * ... | -| aliasing.cpp:175:15:175:22 | Chi | semmle.label | Chi | -| aliasing.cpp:175:15:175:22 | Chi [m1] | semmle.label | Chi [m1] | -| aliasing.cpp:175:15:175:22 | taint_a_ptr output argument [[]] | semmle.label | taint_a_ptr output argument [[]] | +| aliasing.cpp:141:3:141:13 | data [post update] | semmle.label | data [post update] | +| aliasing.cpp:141:15:141:15 | s [post update] [data] | semmle.label | s [post update] [data] | +| aliasing.cpp:141:17:141:20 | FieldAddress [post update] | semmle.label | FieldAddress [post update] | +| aliasing.cpp:143:8:143:8 | s [read] [data] | semmle.label | s [read] [data] | +| aliasing.cpp:143:8:143:16 | access to array | semmle.label | access to array | +| aliasing.cpp:143:10:143:13 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| aliasing.cpp:158:3:158:13 | data [post update] | semmle.label | data [post update] | +| aliasing.cpp:158:15:158:15 | s [post update] [data] | semmle.label | s [post update] [data] | +| aliasing.cpp:158:17:158:20 | data [post update] | semmle.label | data [post update] | +| aliasing.cpp:159:8:159:14 | * ... | semmle.label | * ... | +| aliasing.cpp:159:9:159:9 | s [read] [data] | semmle.label | s [read] [data] | +| aliasing.cpp:159:11:159:14 | data [read] | semmle.label | data [read] | +| aliasing.cpp:164:3:164:13 | data [post update] | semmle.label | data [post update] | +| aliasing.cpp:164:15:164:15 | s [post update] [data] | semmle.label | s [post update] [data] | +| aliasing.cpp:164:17:164:20 | data [post update] | semmle.label | data [post update] | +| aliasing.cpp:165:8:165:8 | s [read] [data] | semmle.label | s [read] [data] | +| aliasing.cpp:165:8:165:16 | access to array | semmle.label | access to array | +| aliasing.cpp:165:10:165:13 | data [read] | semmle.label | data [read] | +| aliasing.cpp:175:3:175:13 | & ... [post update] | semmle.label | & ... [post update] | +| aliasing.cpp:175:16:175:17 | s2 [post update] [s, m1] | semmle.label | s2 [post update] [s, m1] | +| aliasing.cpp:175:19:175:19 | s [post update] [m1] | semmle.label | s [post update] [m1] | +| aliasing.cpp:175:21:175:22 | m1 [post update] | semmle.label | m1 [post update] | +| aliasing.cpp:176:8:176:9 | s2 [read] [s, m1] | semmle.label | s2 [read] [s, m1] | +| aliasing.cpp:176:11:176:11 | s [read] [m1] | semmle.label | s [read] [m1] | +| aliasing.cpp:176:13:176:14 | FieldAddress [read] | semmle.label | FieldAddress [read] | | aliasing.cpp:176:13:176:14 | m1 | semmle.label | m1 | -| aliasing.cpp:187:15:187:22 | Chi | semmle.label | Chi | -| aliasing.cpp:187:15:187:22 | Chi [m1] | semmle.label | Chi [m1] | -| aliasing.cpp:187:15:187:22 | taint_a_ptr output argument [[]] | semmle.label | taint_a_ptr output argument [[]] | -| aliasing.cpp:188:13:188:14 | Store [m1] | semmle.label | Store [m1] | +| aliasing.cpp:187:3:187:13 | & ... [post update] | semmle.label | & ... [post update] | +| aliasing.cpp:187:16:187:17 | s2 [post update] [s, m1] | semmle.label | s2 [post update] [s, m1] | +| aliasing.cpp:187:19:187:19 | s [post update] [m1] | semmle.label | s [post update] [m1] | +| aliasing.cpp:187:21:187:22 | m1 [post update] | semmle.label | m1 [post update] | +| aliasing.cpp:189:8:189:11 | s2_2 [read] [s, m1] | semmle.label | s2_2 [read] [s, m1] | +| aliasing.cpp:189:13:189:13 | s [read] [m1] | semmle.label | s [read] [m1] | +| aliasing.cpp:189:15:189:16 | FieldAddress [read] | semmle.label | FieldAddress [read] | | aliasing.cpp:189:15:189:16 | m1 | semmle.label | m1 | -| aliasing.cpp:200:15:200:24 | Chi | semmle.label | Chi | -| aliasing.cpp:200:15:200:24 | Chi [m1] | semmle.label | Chi [m1] | -| aliasing.cpp:200:15:200:24 | taint_a_ptr output argument [[]] | semmle.label | taint_a_ptr output argument [[]] | +| aliasing.cpp:200:3:200:13 | & ... [post update] | semmle.label | & ... [post update] | +| aliasing.cpp:200:16:200:18 | ps2 [post update] [s, m1] | semmle.label | ps2 [post update] [s, m1] | +| aliasing.cpp:200:21:200:21 | s [post update] [m1] | semmle.label | s [post update] [m1] | +| aliasing.cpp:200:23:200:24 | m1 [post update] | semmle.label | m1 [post update] | +| aliasing.cpp:201:8:201:10 | ps2 [read] [s, m1] | semmle.label | ps2 [read] [s, m1] | +| aliasing.cpp:201:13:201:13 | s [read] [m1] | semmle.label | s [read] [m1] | +| aliasing.cpp:201:15:201:16 | FieldAddress [read] | semmle.label | FieldAddress [read] | | aliasing.cpp:201:15:201:16 | m1 | semmle.label | m1 | | arrays.cpp:6:12:6:21 | call to user_input | semmle.label | call to user_input | | arrays.cpp:7:8:7:13 | access to array | semmle.label | access to array | +| arrays.cpp:8:8:8:13 | access to array | semmle.label | access to array | | arrays.cpp:9:8:9:11 | * ... | semmle.label | * ... | | arrays.cpp:10:8:10:15 | * ... | semmle.label | * ... | | arrays.cpp:15:14:15:23 | call to user_input | semmle.label | call to user_input | | arrays.cpp:16:8:16:13 | access to array | semmle.label | access to array | +| arrays.cpp:17:8:17:13 | access to array | semmle.label | access to array | +| arrays.cpp:36:3:36:3 | o [post update] [nested, arr, data] | semmle.label | o [post update] [nested, arr, data] | +| arrays.cpp:36:3:36:17 | access to array [post update] [data] | semmle.label | access to array [post update] [data] | +| arrays.cpp:36:5:36:10 | nested [post update] [arr, data] | semmle.label | nested [post update] [arr, data] | +| arrays.cpp:36:12:36:14 | arr [post update] [data] | semmle.label | arr [post update] [data] | +| arrays.cpp:36:19:36:22 | data [post update] | semmle.label | data [post update] | | arrays.cpp:36:26:36:35 | call to user_input | semmle.label | call to user_input | +| arrays.cpp:37:8:37:8 | o [read] [nested, arr, data] | semmle.label | o [read] [nested, arr, data] | +| arrays.cpp:37:8:37:22 | access to array [read] [data] | semmle.label | access to array [read] [data] | +| arrays.cpp:37:10:37:15 | nested [read] [arr, data] | semmle.label | nested [read] [arr, data] | +| arrays.cpp:37:17:37:19 | arr [read] [data] | semmle.label | arr [read] [data] | +| arrays.cpp:37:24:37:27 | FieldAddress [read] | semmle.label | FieldAddress [read] | | arrays.cpp:37:24:37:27 | data | semmle.label | data | +| arrays.cpp:38:8:38:8 | o [read] [nested, arr, data] | semmle.label | o [read] [nested, arr, data] | +| arrays.cpp:38:8:38:22 | access to array [read] [data] | semmle.label | access to array [read] [data] | +| arrays.cpp:38:10:38:15 | nested [read] [arr, data] | semmle.label | nested [read] [arr, data] | +| arrays.cpp:38:17:38:19 | arr [read] [data] | semmle.label | arr [read] [data] | +| arrays.cpp:38:24:38:27 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| arrays.cpp:38:24:38:27 | data | semmle.label | data | +| arrays.cpp:42:3:42:3 | o [post update] [indirect, arr, data] | semmle.label | o [post update] [indirect, arr, data] | +| arrays.cpp:42:3:42:20 | access to array [post update] [data] | semmle.label | access to array [post update] [data] | +| arrays.cpp:42:5:42:12 | FieldAddress [post update] [arr, data] | semmle.label | FieldAddress [post update] [arr, data] | +| arrays.cpp:42:5:42:12 | indirect [post update] [arr, data] | semmle.label | indirect [post update] [arr, data] | +| arrays.cpp:42:15:42:17 | arr [post update] [data] | semmle.label | arr [post update] [data] | +| arrays.cpp:42:22:42:25 | data [post update] | semmle.label | data [post update] | +| arrays.cpp:42:29:42:38 | call to user_input | semmle.label | call to user_input | +| arrays.cpp:43:8:43:8 | o [read] [indirect, arr, data] | semmle.label | o [read] [indirect, arr, data] | +| arrays.cpp:43:8:43:25 | access to array [read] [data] | semmle.label | access to array [read] [data] | +| arrays.cpp:43:10:43:17 | FieldAddress [read] [arr, data] | semmle.label | FieldAddress [read] [arr, data] | +| arrays.cpp:43:10:43:17 | indirect [read] [arr, data] | semmle.label | indirect [read] [arr, data] | +| arrays.cpp:43:20:43:22 | arr [read] [data] | semmle.label | arr [read] [data] | +| arrays.cpp:43:27:43:30 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| arrays.cpp:43:27:43:30 | data | semmle.label | data | +| arrays.cpp:44:8:44:8 | o [read] [indirect, arr, data] | semmle.label | o [read] [indirect, arr, data] | +| arrays.cpp:44:8:44:25 | access to array [read] [data] | semmle.label | access to array [read] [data] | +| arrays.cpp:44:10:44:17 | FieldAddress [read] [arr, data] | semmle.label | FieldAddress [read] [arr, data] | +| arrays.cpp:44:10:44:17 | indirect [read] [arr, data] | semmle.label | indirect [read] [arr, data] | +| arrays.cpp:44:20:44:22 | arr [read] [data] | semmle.label | arr [read] [data] | +| arrays.cpp:44:27:44:30 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| arrays.cpp:44:27:44:30 | data | semmle.label | data | +| arrays.cpp:48:3:48:3 | o [post update] [indirect, ptr, data] | semmle.label | o [post update] [indirect, ptr, data] | +| arrays.cpp:48:3:48:20 | access to array [post update] [data] | semmle.label | access to array [post update] [data] | +| arrays.cpp:48:5:48:12 | FieldAddress [post update] [ptr, data] | semmle.label | FieldAddress [post update] [ptr, data] | +| arrays.cpp:48:5:48:12 | indirect [post update] [ptr, data] | semmle.label | indirect [post update] [ptr, data] | +| arrays.cpp:48:15:48:17 | FieldAddress [post update] [data] | semmle.label | FieldAddress [post update] [data] | +| arrays.cpp:48:22:48:25 | data [post update] | semmle.label | data [post update] | +| arrays.cpp:48:29:48:38 | call to user_input | semmle.label | call to user_input | +| arrays.cpp:49:8:49:8 | o [read] [indirect, ptr, data] | semmle.label | o [read] [indirect, ptr, data] | +| arrays.cpp:49:8:49:25 | access to array [read] [data] | semmle.label | access to array [read] [data] | +| arrays.cpp:49:10:49:17 | FieldAddress [read] [ptr, data] | semmle.label | FieldAddress [read] [ptr, data] | +| arrays.cpp:49:10:49:17 | indirect [read] [ptr, data] | semmle.label | indirect [read] [ptr, data] | +| arrays.cpp:49:20:49:22 | FieldAddress [read] [data] | semmle.label | FieldAddress [read] [data] | +| arrays.cpp:49:27:49:30 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| arrays.cpp:49:27:49:30 | data | semmle.label | data | +| arrays.cpp:50:8:50:8 | o [read] [indirect, ptr, data] | semmle.label | o [read] [indirect, ptr, data] | +| arrays.cpp:50:8:50:25 | access to array [read] [data] | semmle.label | access to array [read] [data] | +| arrays.cpp:50:10:50:17 | FieldAddress [read] [ptr, data] | semmle.label | FieldAddress [read] [ptr, data] | +| arrays.cpp:50:10:50:17 | indirect [read] [ptr, data] | semmle.label | indirect [read] [ptr, data] | +| arrays.cpp:50:20:50:22 | FieldAddress [read] [data] | semmle.label | FieldAddress [read] [data] | +| arrays.cpp:50:27:50:30 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| arrays.cpp:50:27:50:30 | data | semmle.label | data | | by_reference.cpp:11:48:11:52 | value | semmle.label | value | -| by_reference.cpp:12:5:12:16 | Chi [a] | semmle.label | Chi [a] | +| by_reference.cpp:12:5:12:5 | s [post update] [a] | semmle.label | s [post update] [a] | +| by_reference.cpp:12:8:12:8 | a [post update] | semmle.label | a [post update] | | by_reference.cpp:15:26:15:30 | value | semmle.label | value | -| by_reference.cpp:16:5:16:19 | Chi [a] | semmle.label | Chi [a] | +| by_reference.cpp:16:5:16:8 | this [post update] [a] | semmle.label | this [post update] [a] | +| by_reference.cpp:16:11:16:11 | a [post update] | semmle.label | a [post update] | | by_reference.cpp:19:28:19:32 | value | semmle.label | value | -| by_reference.cpp:20:5:20:8 | Chi [a] | semmle.label | Chi [a] | -| by_reference.cpp:20:5:20:8 | setDirectly output argument [a] | semmle.label | setDirectly output argument [a] | +| by_reference.cpp:20:5:20:8 | this [post update] [a] | semmle.label | this [post update] [a] | +| by_reference.cpp:20:11:20:21 | this [post update] [a] | semmle.label | this [post update] [a] | | by_reference.cpp:20:11:20:21 | value | semmle.label | value | | by_reference.cpp:23:34:23:38 | value | semmle.label | value | +| by_reference.cpp:24:5:24:17 | this [post update] [a] | semmle.label | this [post update] [a] | | by_reference.cpp:24:5:24:17 | value | semmle.label | value | -| by_reference.cpp:24:19:24:22 | Chi [a] | semmle.label | Chi [a] | -| by_reference.cpp:24:19:24:22 | nonMemberSetA output argument [a] | semmle.label | nonMemberSetA output argument [a] | +| by_reference.cpp:24:19:24:22 | this [post update] [a] | semmle.label | this [post update] [a] | +| by_reference.cpp:31:16:31:28 | ReturnValue | semmle.label | ReturnValue | +| by_reference.cpp:31:16:31:28 | ReturnValue | semmle.label | ReturnValue | | by_reference.cpp:31:46:31:46 | *s [a] | semmle.label | *s [a] | -| by_reference.cpp:32:15:32:15 | Store | semmle.label | Store | +| by_reference.cpp:31:46:31:46 | s [a] | semmle.label | s [a] | +| by_reference.cpp:32:12:32:12 | s [read] [a] | semmle.label | s [read] [a] | +| by_reference.cpp:32:12:32:12 | s [read] [a] | semmle.label | s [read] [a] | +| by_reference.cpp:32:15:32:15 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| by_reference.cpp:32:15:32:15 | FieldAddress [read] | semmle.label | FieldAddress [read] | | by_reference.cpp:35:9:35:19 | *#this [a] | semmle.label | *#this [a] | -| by_reference.cpp:36:18:36:18 | Store | semmle.label | Store | +| by_reference.cpp:35:9:35:19 | ReturnValue | semmle.label | ReturnValue | +| by_reference.cpp:35:9:35:19 | ReturnValue | semmle.label | ReturnValue | +| by_reference.cpp:35:9:35:19 | this [a] | semmle.label | this [a] | +| by_reference.cpp:36:12:36:15 | this [read] [a] | semmle.label | this [read] [a] | +| by_reference.cpp:36:12:36:15 | this [read] [a] | semmle.label | this [read] [a] | +| by_reference.cpp:36:18:36:18 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| by_reference.cpp:36:18:36:18 | FieldAddress [read] | semmle.label | FieldAddress [read] | | by_reference.cpp:39:9:39:21 | *#this [a] | semmle.label | *#this [a] | -| by_reference.cpp:40:12:40:15 | this indirection [a] | semmle.label | this indirection [a] | -| by_reference.cpp:40:18:40:28 | Store | semmle.label | Store | +| by_reference.cpp:39:9:39:21 | ReturnValue | semmle.label | ReturnValue | | by_reference.cpp:40:18:40:28 | call to getDirectly | semmle.label | call to getDirectly | +| by_reference.cpp:40:18:40:28 | this [a] | semmle.label | this [a] | | by_reference.cpp:43:9:43:27 | *#this [a] | semmle.label | *#this [a] | -| by_reference.cpp:44:12:44:24 | Store | semmle.label | Store | +| by_reference.cpp:43:9:43:27 | ReturnValue | semmle.label | ReturnValue | | by_reference.cpp:44:12:44:24 | call to nonMemberGetA | semmle.label | call to nonMemberGetA | -| by_reference.cpp:44:26:44:29 | this indirection [a] | semmle.label | this indirection [a] | -| by_reference.cpp:50:3:50:3 | setDirectly output argument [a] | semmle.label | setDirectly output argument [a] | +| by_reference.cpp:44:12:44:24 | this [a] | semmle.label | this [a] | | by_reference.cpp:50:5:50:15 | call to user_input | semmle.label | call to user_input | +| by_reference.cpp:50:5:50:15 | s [post update] [a] | semmle.label | s [post update] [a] | | by_reference.cpp:50:17:50:26 | call to user_input | semmle.label | call to user_input | | by_reference.cpp:51:8:51:8 | s indirection [a] | semmle.label | s indirection [a] | | by_reference.cpp:51:10:51:20 | call to getDirectly | semmle.label | call to getDirectly | -| by_reference.cpp:56:3:56:3 | setIndirectly output argument [a] | semmle.label | setIndirectly output argument [a] | | by_reference.cpp:56:5:56:17 | call to user_input | semmle.label | call to user_input | +| by_reference.cpp:56:5:56:17 | s [post update] [a] | semmle.label | s [post update] [a] | | by_reference.cpp:56:19:56:28 | call to user_input | semmle.label | call to user_input | | by_reference.cpp:57:8:57:8 | s indirection [a] | semmle.label | s indirection [a] | | by_reference.cpp:57:10:57:22 | call to getIndirectly | semmle.label | call to getIndirectly | -| by_reference.cpp:62:3:62:3 | setThroughNonMember output argument [a] | semmle.label | setThroughNonMember output argument [a] | | by_reference.cpp:62:5:62:23 | call to user_input | semmle.label | call to user_input | +| by_reference.cpp:62:5:62:23 | s [post update] [a] | semmle.label | s [post update] [a] | | by_reference.cpp:62:25:62:34 | call to user_input | semmle.label | call to user_input | | by_reference.cpp:63:8:63:8 | s indirection [a] | semmle.label | s indirection [a] | | by_reference.cpp:63:10:63:28 | call to getThroughNonMember | semmle.label | call to getThroughNonMember | +| by_reference.cpp:68:3:68:15 | & ... [post update] [a] | semmle.label | & ... [post update] [a] | | by_reference.cpp:68:3:68:15 | call to user_input | semmle.label | call to user_input | -| by_reference.cpp:68:17:68:18 | nonMemberSetA output argument [a] | semmle.label | nonMemberSetA output argument [a] | | by_reference.cpp:68:21:68:30 | call to user_input | semmle.label | call to user_input | | by_reference.cpp:69:8:69:20 | call to nonMemberGetA | semmle.label | call to nonMemberGetA | | by_reference.cpp:69:22:69:23 | & ... indirection [a] | semmle.label | & ... indirection [a] | -| by_reference.cpp:84:3:84:25 | Chi [a] | semmle.label | Chi [a] | +| by_reference.cpp:84:3:84:7 | inner [post update] [a] | semmle.label | inner [post update] [a] | +| by_reference.cpp:84:10:84:10 | a [post update] | semmle.label | a [post update] | | by_reference.cpp:84:14:84:23 | call to user_input | semmle.label | call to user_input | -| by_reference.cpp:88:3:88:24 | Chi [a] | semmle.label | Chi [a] | +| by_reference.cpp:88:3:88:7 | (reference dereference) [post update] [a] | semmle.label | (reference dereference) [post update] [a] | +| by_reference.cpp:88:3:88:7 | inner [post update] [a] | semmle.label | inner [post update] [a] | +| by_reference.cpp:88:9:88:9 | a [post update] | semmle.label | a [post update] | | by_reference.cpp:88:13:88:22 | call to user_input | semmle.label | call to user_input | -| by_reference.cpp:92:3:92:20 | Chi [[]] | semmle.label | Chi [[]] | +| by_reference.cpp:92:3:92:5 | * ... [post update] | semmle.label | * ... [post update] | +| by_reference.cpp:92:4:92:5 | pa [post update] | semmle.label | pa [post update] | | by_reference.cpp:92:9:92:18 | call to user_input | semmle.label | call to user_input | -| by_reference.cpp:96:3:96:19 | Chi [[]] | semmle.label | Chi [[]] | +| by_reference.cpp:96:3:96:4 | (reference dereference) [post update] | semmle.label | (reference dereference) [post update] | +| by_reference.cpp:96:3:96:4 | pa [post update] | semmle.label | pa [post update] | | by_reference.cpp:96:8:96:17 | call to user_input | semmle.label | call to user_input | -| by_reference.cpp:102:21:102:39 | Chi [a] | semmle.label | Chi [a] | -| by_reference.cpp:102:21:102:39 | taint_inner_a_ptr output argument [a] | semmle.label | taint_inner_a_ptr output argument [a] | -| by_reference.cpp:104:15:104:22 | Chi | semmle.label | Chi | -| by_reference.cpp:104:15:104:22 | Chi [a] | semmle.label | Chi [a] | -| by_reference.cpp:104:15:104:22 | taint_a_ptr output argument [[]] | semmle.label | taint_a_ptr output argument [[]] | -| by_reference.cpp:106:21:106:41 | Chi [a] | semmle.label | Chi [a] | -| by_reference.cpp:106:21:106:41 | taint_inner_a_ptr output argument [a] | semmle.label | taint_inner_a_ptr output argument [a] | -| by_reference.cpp:108:15:108:24 | Chi | semmle.label | Chi | -| by_reference.cpp:108:15:108:24 | Chi [a] | semmle.label | Chi [a] | -| by_reference.cpp:108:15:108:24 | taint_a_ptr output argument [[]] | semmle.label | taint_a_ptr output argument [[]] | +| by_reference.cpp:102:3:102:19 | & ... [post update] [a] | semmle.label | & ... [post update] [a] | +| by_reference.cpp:102:22:102:26 | outer [post update] [inner_nested, a] | semmle.label | outer [post update] [inner_nested, a] | +| by_reference.cpp:102:28:102:39 | inner_nested [post update] [a] | semmle.label | inner_nested [post update] [a] | +| by_reference.cpp:103:3:103:19 | inner_ptr [post update] [a] | semmle.label | inner_ptr [post update] [a] | +| by_reference.cpp:103:21:103:25 | outer [post update] [inner_ptr, a] | semmle.label | outer [post update] [inner_ptr, a] | +| by_reference.cpp:103:27:103:35 | FieldAddress [post update] [a] | semmle.label | FieldAddress [post update] [a] | +| by_reference.cpp:104:3:104:13 | & ... [post update] | semmle.label | & ... [post update] | +| by_reference.cpp:104:16:104:20 | outer [post update] [a] | semmle.label | outer [post update] [a] | +| by_reference.cpp:104:22:104:22 | a [post update] | semmle.label | a [post update] | +| by_reference.cpp:106:3:106:19 | & ... [post update] [a] | semmle.label | & ... [post update] [a] | +| by_reference.cpp:106:22:106:27 | pouter [post update] [inner_nested, a] | semmle.label | pouter [post update] [inner_nested, a] | +| by_reference.cpp:106:30:106:41 | inner_nested [post update] [a] | semmle.label | inner_nested [post update] [a] | +| by_reference.cpp:107:3:107:19 | inner_ptr [post update] [a] | semmle.label | inner_ptr [post update] [a] | +| by_reference.cpp:107:21:107:26 | pouter [post update] [inner_ptr, a] | semmle.label | pouter [post update] [inner_ptr, a] | +| by_reference.cpp:107:29:107:37 | FieldAddress [post update] [a] | semmle.label | FieldAddress [post update] [a] | +| by_reference.cpp:108:3:108:13 | & ... [post update] | semmle.label | & ... [post update] | +| by_reference.cpp:108:16:108:21 | pouter [post update] [a] | semmle.label | pouter [post update] [a] | +| by_reference.cpp:108:24:108:24 | a [post update] | semmle.label | a [post update] | +| by_reference.cpp:110:8:110:12 | outer [read] [inner_nested, a] | semmle.label | outer [read] [inner_nested, a] | +| by_reference.cpp:110:14:110:25 | inner_nested [read] [a] | semmle.label | inner_nested [read] [a] | +| by_reference.cpp:110:27:110:27 | FieldAddress [read] | semmle.label | FieldAddress [read] | | by_reference.cpp:110:27:110:27 | a | semmle.label | a | +| by_reference.cpp:111:8:111:12 | outer [read] [inner_ptr, a] | semmle.label | outer [read] [inner_ptr, a] | +| by_reference.cpp:111:14:111:22 | FieldAddress [read] [a] | semmle.label | FieldAddress [read] [a] | +| by_reference.cpp:111:14:111:22 | inner_ptr [read] [a] | semmle.label | inner_ptr [read] [a] | +| by_reference.cpp:111:25:111:25 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| by_reference.cpp:111:25:111:25 | a | semmle.label | a | +| by_reference.cpp:112:8:112:12 | outer [read] [a] | semmle.label | outer [read] [a] | +| by_reference.cpp:112:14:112:14 | FieldAddress [read] | semmle.label | FieldAddress [read] | | by_reference.cpp:112:14:112:14 | a | semmle.label | a | +| by_reference.cpp:114:8:114:13 | pouter [read] [inner_nested, a] | semmle.label | pouter [read] [inner_nested, a] | +| by_reference.cpp:114:16:114:27 | inner_nested [read] [a] | semmle.label | inner_nested [read] [a] | +| by_reference.cpp:114:29:114:29 | FieldAddress [read] | semmle.label | FieldAddress [read] | | by_reference.cpp:114:29:114:29 | a | semmle.label | a | +| by_reference.cpp:115:8:115:13 | pouter [read] [inner_ptr, a] | semmle.label | pouter [read] [inner_ptr, a] | +| by_reference.cpp:115:16:115:24 | FieldAddress [read] [a] | semmle.label | FieldAddress [read] [a] | +| by_reference.cpp:115:16:115:24 | inner_ptr [read] [a] | semmle.label | inner_ptr [read] [a] | +| by_reference.cpp:115:27:115:27 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| by_reference.cpp:115:27:115:27 | a | semmle.label | a | +| by_reference.cpp:116:8:116:13 | pouter [read] [a] | semmle.label | pouter [read] [a] | +| by_reference.cpp:116:16:116:16 | FieldAddress [read] | semmle.label | FieldAddress [read] | | by_reference.cpp:116:16:116:16 | a | semmle.label | a | -| by_reference.cpp:122:21:122:38 | Chi [a] | semmle.label | Chi [a] | -| by_reference.cpp:122:21:122:38 | taint_inner_a_ref output argument [a] | semmle.label | taint_inner_a_ref output argument [a] | -| by_reference.cpp:124:15:124:21 | Chi | semmle.label | Chi | -| by_reference.cpp:124:15:124:21 | Chi [a] | semmle.label | Chi [a] | -| by_reference.cpp:124:15:124:21 | taint_a_ref output argument [[]] | semmle.label | taint_a_ref output argument [[]] | -| by_reference.cpp:126:21:126:40 | Chi [a] | semmle.label | Chi [a] | -| by_reference.cpp:126:21:126:40 | taint_inner_a_ref output argument [a] | semmle.label | taint_inner_a_ref output argument [a] | -| by_reference.cpp:128:15:128:23 | Chi | semmle.label | Chi | -| by_reference.cpp:128:15:128:23 | Chi [a] | semmle.label | Chi [a] | -| by_reference.cpp:128:15:128:23 | taint_a_ref output argument [[]] | semmle.label | taint_a_ref output argument [[]] | +| by_reference.cpp:122:3:122:19 | inner_nested [post update] [a] | semmle.label | inner_nested [post update] [a] | +| by_reference.cpp:122:21:122:25 | outer [post update] [inner_nested, a] | semmle.label | outer [post update] [inner_nested, a] | +| by_reference.cpp:122:27:122:38 | inner_nested [post update] [a] | semmle.label | inner_nested [post update] [a] | +| by_reference.cpp:123:3:123:19 | * ... [post update] [a] | semmle.label | * ... [post update] [a] | +| by_reference.cpp:123:22:123:26 | outer [post update] [inner_ptr, a] | semmle.label | outer [post update] [inner_ptr, a] | +| by_reference.cpp:123:28:123:36 | FieldAddress [post update] [a] | semmle.label | FieldAddress [post update] [a] | +| by_reference.cpp:124:3:124:13 | a [post update] | semmle.label | a [post update] | +| by_reference.cpp:124:15:124:19 | outer [post update] [a] | semmle.label | outer [post update] [a] | +| by_reference.cpp:124:21:124:21 | a [post update] | semmle.label | a [post update] | +| by_reference.cpp:126:3:126:19 | inner_nested [post update] [a] | semmle.label | inner_nested [post update] [a] | +| by_reference.cpp:126:21:126:26 | pouter [post update] [inner_nested, a] | semmle.label | pouter [post update] [inner_nested, a] | +| by_reference.cpp:126:29:126:40 | inner_nested [post update] [a] | semmle.label | inner_nested [post update] [a] | +| by_reference.cpp:127:3:127:19 | * ... [post update] [a] | semmle.label | * ... [post update] [a] | +| by_reference.cpp:127:22:127:27 | pouter [post update] [inner_ptr, a] | semmle.label | pouter [post update] [inner_ptr, a] | +| by_reference.cpp:127:30:127:38 | FieldAddress [post update] [a] | semmle.label | FieldAddress [post update] [a] | +| by_reference.cpp:128:3:128:13 | a [post update] | semmle.label | a [post update] | +| by_reference.cpp:128:15:128:20 | pouter [post update] [a] | semmle.label | pouter [post update] [a] | +| by_reference.cpp:128:23:128:23 | a [post update] | semmle.label | a [post update] | +| by_reference.cpp:130:8:130:12 | outer [read] [inner_nested, a] | semmle.label | outer [read] [inner_nested, a] | +| by_reference.cpp:130:14:130:25 | inner_nested [read] [a] | semmle.label | inner_nested [read] [a] | +| by_reference.cpp:130:27:130:27 | FieldAddress [read] | semmle.label | FieldAddress [read] | | by_reference.cpp:130:27:130:27 | a | semmle.label | a | +| by_reference.cpp:131:8:131:12 | outer [read] [inner_ptr, a] | semmle.label | outer [read] [inner_ptr, a] | +| by_reference.cpp:131:14:131:22 | FieldAddress [read] [a] | semmle.label | FieldAddress [read] [a] | +| by_reference.cpp:131:14:131:22 | inner_ptr [read] [a] | semmle.label | inner_ptr [read] [a] | +| by_reference.cpp:131:25:131:25 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| by_reference.cpp:131:25:131:25 | a | semmle.label | a | +| by_reference.cpp:132:8:132:12 | outer [read] [a] | semmle.label | outer [read] [a] | +| by_reference.cpp:132:14:132:14 | FieldAddress [read] | semmle.label | FieldAddress [read] | | by_reference.cpp:132:14:132:14 | a | semmle.label | a | +| by_reference.cpp:134:8:134:13 | pouter [read] [inner_nested, a] | semmle.label | pouter [read] [inner_nested, a] | +| by_reference.cpp:134:16:134:27 | inner_nested [read] [a] | semmle.label | inner_nested [read] [a] | +| by_reference.cpp:134:29:134:29 | FieldAddress [read] | semmle.label | FieldAddress [read] | | by_reference.cpp:134:29:134:29 | a | semmle.label | a | +| by_reference.cpp:135:8:135:13 | pouter [read] [inner_ptr, a] | semmle.label | pouter [read] [inner_ptr, a] | +| by_reference.cpp:135:16:135:24 | FieldAddress [read] [a] | semmle.label | FieldAddress [read] [a] | +| by_reference.cpp:135:16:135:24 | inner_ptr [read] [a] | semmle.label | inner_ptr [read] [a] | +| by_reference.cpp:135:27:135:27 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| by_reference.cpp:135:27:135:27 | a | semmle.label | a | +| by_reference.cpp:136:8:136:13 | pouter [read] [a] | semmle.label | pouter [read] [a] | +| by_reference.cpp:136:16:136:16 | FieldAddress [read] | semmle.label | FieldAddress [read] | | by_reference.cpp:136:16:136:16 | a | semmle.label | a | -| complex.cpp:9:7:9:7 | *#this [a_] | semmle.label | *#this [a_] | -| complex.cpp:9:7:9:7 | *#this [b_] | semmle.label | *#this [b_] | -| complex.cpp:9:20:9:21 | Store | semmle.label | Store | -| complex.cpp:10:7:10:7 | *#this [b_] | semmle.label | *#this [b_] | -| complex.cpp:10:20:10:21 | Store | semmle.label | Store | +| complex.cpp:9:7:9:7 | ReturnValue | semmle.label | ReturnValue | +| complex.cpp:9:7:9:7 | this [a_] | semmle.label | this [a_] | +| complex.cpp:9:20:9:21 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| complex.cpp:9:20:9:21 | this [read] [a_] | semmle.label | this [read] [a_] | +| complex.cpp:10:7:10:7 | ReturnValue | semmle.label | ReturnValue | +| complex.cpp:10:7:10:7 | this [b_] | semmle.label | this [b_] | +| complex.cpp:10:20:10:21 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| complex.cpp:10:20:10:21 | this [read] [b_] | semmle.label | this [read] [b_] | | complex.cpp:11:17:11:17 | a | semmle.label | a | -| complex.cpp:11:22:11:27 | Chi [a_] | semmle.label | Chi [a_] | -| complex.cpp:12:8:12:11 | *#this [a_] | semmle.label | *#this [a_] | +| complex.cpp:11:22:11:23 | a_ [post update] | semmle.label | a_ [post update] | +| complex.cpp:11:22:11:23 | this [post update] [a_] | semmle.label | this [post update] [a_] | | complex.cpp:12:17:12:17 | b | semmle.label | b | -| complex.cpp:12:22:12:27 | Chi [a_] | semmle.label | Chi [a_] | -| complex.cpp:12:22:12:27 | Chi [b_] | semmle.label | Chi [b_] | -| complex.cpp:40:17:40:17 | *b [a_] | semmle.label | *b [a_] | -| complex.cpp:40:17:40:17 | *b [b_] | semmle.label | *b [b_] | -| complex.cpp:42:16:42:16 | a output argument [b_] | semmle.label | a output argument [b_] | -| complex.cpp:42:16:42:16 | f indirection [a_] | semmle.label | f indirection [a_] | -| complex.cpp:42:16:42:16 | f indirection [b_] | semmle.label | f indirection [b_] | +| complex.cpp:12:22:12:23 | b_ [post update] | semmle.label | b_ [post update] | +| complex.cpp:12:22:12:23 | this [post update] [b_] | semmle.label | this [post update] [b_] | +| complex.cpp:40:17:40:17 | b [inner, f, a_] | semmle.label | b [inner, f, a_] | +| complex.cpp:40:17:40:17 | b [inner, f, b_] | semmle.label | b [inner, f, b_] | +| complex.cpp:42:8:42:8 | (reference dereference) [read] [inner, f, a_] | semmle.label | (reference dereference) [read] [inner, f, a_] | +| complex.cpp:42:10:42:14 | inner [read] [f, a_] | semmle.label | inner [read] [f, a_] | +| complex.cpp:42:16:42:16 | f [read] [a_] | semmle.label | f [read] [a_] | | complex.cpp:42:18:42:18 | call to a | semmle.label | call to a | -| complex.cpp:43:16:43:16 | f indirection [b_] | semmle.label | f indirection [b_] | +| complex.cpp:42:18:42:18 | f [a_] | semmle.label | f [a_] | +| complex.cpp:43:8:43:8 | (reference dereference) [read] [inner, f, b_] | semmle.label | (reference dereference) [read] [inner, f, b_] | +| complex.cpp:43:10:43:14 | inner [read] [f, b_] | semmle.label | inner [read] [f, b_] | +| complex.cpp:43:16:43:16 | f [read] [b_] | semmle.label | f [read] [b_] | | complex.cpp:43:18:43:18 | call to b | semmle.label | call to b | -| complex.cpp:53:12:53:12 | setA output argument [a_] | semmle.label | setA output argument [a_] | +| complex.cpp:43:18:43:18 | f [b_] | semmle.label | f [b_] | +| complex.cpp:53:3:53:4 | b1 [post update] [inner, f, a_] | semmle.label | b1 [post update] [inner, f, a_] | +| complex.cpp:53:6:53:10 | inner [post update] [f, a_] | semmle.label | inner [post update] [f, a_] | +| complex.cpp:53:12:53:12 | f [post update] [a_] | semmle.label | f [post update] [a_] | | complex.cpp:53:14:53:17 | call to user_input | semmle.label | call to user_input | +| complex.cpp:53:14:53:17 | f [post update] [a_] | semmle.label | f [post update] [a_] | | complex.cpp:53:19:53:28 | call to user_input | semmle.label | call to user_input | -| complex.cpp:54:12:54:12 | setB output argument [b_] | semmle.label | setB output argument [b_] | +| complex.cpp:54:3:54:4 | b2 [post update] [inner, f, b_] | semmle.label | b2 [post update] [inner, f, b_] | +| complex.cpp:54:6:54:10 | inner [post update] [f, b_] | semmle.label | inner [post update] [f, b_] | +| complex.cpp:54:12:54:12 | f [post update] [b_] | semmle.label | f [post update] [b_] | | complex.cpp:54:14:54:17 | call to user_input | semmle.label | call to user_input | +| complex.cpp:54:14:54:17 | f [post update] [b_] | semmle.label | f [post update] [b_] | | complex.cpp:54:19:54:28 | call to user_input | semmle.label | call to user_input | -| complex.cpp:55:12:55:12 | setA output argument [a_] | semmle.label | setA output argument [a_] | +| complex.cpp:55:3:55:4 | b3 [post update] [inner, f, a_] | semmle.label | b3 [post update] [inner, f, a_] | +| complex.cpp:55:6:55:10 | inner [post update] [f, a_] | semmle.label | inner [post update] [f, a_] | +| complex.cpp:55:12:55:12 | f [post update] [a_] | semmle.label | f [post update] [a_] | | complex.cpp:55:14:55:17 | call to user_input | semmle.label | call to user_input | +| complex.cpp:55:14:55:17 | f [post update] [a_] | semmle.label | f [post update] [a_] | | complex.cpp:55:19:55:28 | call to user_input | semmle.label | call to user_input | -| complex.cpp:56:12:56:12 | f indirection [a_] | semmle.label | f indirection [a_] | -| complex.cpp:56:12:56:12 | setB output argument [a_] | semmle.label | setB output argument [a_] | -| complex.cpp:56:12:56:12 | setB output argument [b_] | semmle.label | setB output argument [b_] | +| complex.cpp:56:3:56:4 | b3 [post update] [inner, f, b_] | semmle.label | b3 [post update] [inner, f, b_] | +| complex.cpp:56:6:56:10 | inner [post update] [f, b_] | semmle.label | inner [post update] [f, b_] | +| complex.cpp:56:12:56:12 | f [post update] [b_] | semmle.label | f [post update] [b_] | | complex.cpp:56:14:56:17 | call to user_input | semmle.label | call to user_input | +| complex.cpp:56:14:56:17 | f [post update] [b_] | semmle.label | f [post update] [b_] | | complex.cpp:56:19:56:28 | call to user_input | semmle.label | call to user_input | -| complex.cpp:59:7:59:8 | b1 indirection [a_] | semmle.label | b1 indirection [a_] | -| complex.cpp:62:7:62:8 | b2 indirection [b_] | semmle.label | b2 indirection [b_] | -| complex.cpp:65:7:65:8 | b3 indirection [a_] | semmle.label | b3 indirection [a_] | -| complex.cpp:65:7:65:8 | b3 indirection [b_] | semmle.label | b3 indirection [b_] | -| constructors.cpp:18:9:18:9 | *#this [a_] | semmle.label | *#this [a_] | -| constructors.cpp:18:9:18:9 | *#this [b_] | semmle.label | *#this [b_] | -| constructors.cpp:18:22:18:23 | Store | semmle.label | Store | -| constructors.cpp:19:9:19:9 | *#this [b_] | semmle.label | *#this [b_] | -| constructors.cpp:19:22:19:23 | Store | semmle.label | Store | +| complex.cpp:59:3:59:5 | b1 [inner, f, a_] | semmle.label | b1 [inner, f, a_] | +| complex.cpp:62:3:62:5 | b2 [inner, f, b_] | semmle.label | b2 [inner, f, b_] | +| complex.cpp:65:3:65:5 | b3 [inner, f, a_] | semmle.label | b3 [inner, f, a_] | +| complex.cpp:65:3:65:5 | b3 [inner, f, b_] | semmle.label | b3 [inner, f, b_] | +| conflated.cpp:10:4:10:5 | (reference dereference) [post update] [p] | semmle.label | (reference dereference) [post update] [p] | +| conflated.cpp:10:7:10:7 | FieldAddress [post update] | semmle.label | FieldAddress [post update] | +| conflated.cpp:10:11:10:20 | call to user_input | semmle.label | call to user_input | +| conflated.cpp:11:8:11:12 | * ... | semmle.label | * ... | +| conflated.cpp:11:9:11:10 | (reference dereference) [read] [p] | semmle.label | (reference dereference) [read] [p] | +| conflated.cpp:11:12:11:12 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| conflated.cpp:19:19:19:21 | argument_source output argument | semmle.label | argument_source output argument | +| conflated.cpp:20:8:20:10 | (void *)... | semmle.label | (void *)... | +| conflated.cpp:20:8:20:10 | raw | semmle.label | raw | +| conflated.cpp:29:3:29:4 | pa [post update] [x] | semmle.label | pa [post update] [x] | +| conflated.cpp:29:7:29:7 | x [post update] | semmle.label | x [post update] | +| conflated.cpp:29:11:29:20 | call to user_input | semmle.label | call to user_input | +| conflated.cpp:30:8:30:9 | pa [read] [x] | semmle.label | pa [read] [x] | +| conflated.cpp:30:12:30:12 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| conflated.cpp:30:12:30:12 | x | semmle.label | x | +| conflated.cpp:36:3:36:4 | pa [post update] [x] | semmle.label | pa [post update] [x] | +| conflated.cpp:36:7:36:7 | x [post update] | semmle.label | x [post update] | +| conflated.cpp:36:11:36:20 | call to user_input | semmle.label | call to user_input | +| conflated.cpp:37:8:37:9 | pa [read] [x] | semmle.label | pa [read] [x] | +| conflated.cpp:37:12:37:12 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| conflated.cpp:37:12:37:12 | x | semmle.label | x | +| conflated.cpp:54:3:54:4 | ll [post update] [next, y] | semmle.label | ll [post update] [next, y] | +| conflated.cpp:54:7:54:10 | FieldAddress [post update] [y] | semmle.label | FieldAddress [post update] [y] | +| conflated.cpp:54:7:54:10 | next [post update] [y] | semmle.label | next [post update] [y] | +| conflated.cpp:54:13:54:13 | y [post update] | semmle.label | y [post update] | +| conflated.cpp:54:17:54:26 | call to user_input | semmle.label | call to user_input | +| conflated.cpp:55:8:55:9 | ll [read] [next, y] | semmle.label | ll [read] [next, y] | +| conflated.cpp:55:12:55:15 | FieldAddress [read] [y] | semmle.label | FieldAddress [read] [y] | +| conflated.cpp:55:12:55:15 | next [read] [y] | semmle.label | next [read] [y] | +| conflated.cpp:55:18:55:18 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| conflated.cpp:55:18:55:18 | y | semmle.label | y | +| conflated.cpp:60:3:60:4 | ll [post update] [next, y] | semmle.label | ll [post update] [next, y] | +| conflated.cpp:60:7:60:10 | FieldAddress [post update] [y] | semmle.label | FieldAddress [post update] [y] | +| conflated.cpp:60:7:60:10 | next [post update] [y] | semmle.label | next [post update] [y] | +| conflated.cpp:60:13:60:13 | y [post update] | semmle.label | y [post update] | +| conflated.cpp:60:17:60:26 | call to user_input | semmle.label | call to user_input | +| conflated.cpp:61:8:61:9 | ll [read] [next, y] | semmle.label | ll [read] [next, y] | +| conflated.cpp:61:12:61:15 | FieldAddress [read] [y] | semmle.label | FieldAddress [read] [y] | +| conflated.cpp:61:12:61:15 | next [read] [y] | semmle.label | next [read] [y] | +| conflated.cpp:61:18:61:18 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| conflated.cpp:61:18:61:18 | y | semmle.label | y | +| constructors.cpp:18:9:18:9 | ReturnValue | semmle.label | ReturnValue | +| constructors.cpp:18:9:18:9 | this [a_] | semmle.label | this [a_] | +| constructors.cpp:18:22:18:23 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| constructors.cpp:18:22:18:23 | this [read] [a_] | semmle.label | this [read] [a_] | +| constructors.cpp:19:9:19:9 | ReturnValue | semmle.label | ReturnValue | +| constructors.cpp:19:9:19:9 | this [b_] | semmle.label | this [b_] | +| constructors.cpp:19:22:19:23 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| constructors.cpp:19:22:19:23 | this [read] [b_] | semmle.label | this [read] [b_] | +| constructors.cpp:23:5:23:7 | this [post update] [a_] | semmle.label | this [post update] [a_] | +| constructors.cpp:23:5:23:7 | this [post update] [b_] | semmle.label | this [post update] [b_] | | constructors.cpp:23:13:23:13 | a | semmle.label | a | | constructors.cpp:23:20:23:20 | b | semmle.label | b | -| constructors.cpp:23:28:23:28 | Chi [a_] | semmle.label | Chi [a_] | -| constructors.cpp:23:35:23:35 | Chi [a_] | semmle.label | Chi [a_] | -| constructors.cpp:23:35:23:35 | Chi [b_] | semmle.label | Chi [b_] | -| constructors.cpp:26:15:26:15 | *f [a_] | semmle.label | *f [a_] | -| constructors.cpp:26:15:26:15 | *f [b_] | semmle.label | *f [b_] | -| constructors.cpp:28:10:28:10 | a output argument [b_] | semmle.label | a output argument [b_] | -| constructors.cpp:28:10:28:10 | f indirection [a_] | semmle.label | f indirection [a_] | -| constructors.cpp:28:10:28:10 | f indirection [b_] | semmle.label | f indirection [b_] | +| constructors.cpp:23:25:23:29 | FieldAddress [post update] | semmle.label | FieldAddress [post update] | +| constructors.cpp:23:32:23:36 | FieldAddress [post update] | semmle.label | FieldAddress [post update] | +| constructors.cpp:26:15:26:15 | f [a_] | semmle.label | f [a_] | +| constructors.cpp:26:15:26:15 | f [b_] | semmle.label | f [b_] | | constructors.cpp:28:12:28:12 | call to a | semmle.label | call to a | -| constructors.cpp:29:10:29:10 | f indirection [b_] | semmle.label | f indirection [b_] | +| constructors.cpp:28:12:28:12 | f [a_] | semmle.label | f [a_] | | constructors.cpp:29:12:29:12 | call to b | semmle.label | call to b | +| constructors.cpp:29:12:29:12 | f [b_] | semmle.label | f [b_] | | constructors.cpp:34:11:34:20 | call to user_input | semmle.label | call to user_input | -| constructors.cpp:34:11:34:26 | Foo output argument [a_] | semmle.label | Foo output argument [a_] | +| constructors.cpp:34:11:34:26 | Argument this [post update] [a_] | semmle.label | Argument this [post update] [a_] | | constructors.cpp:34:11:34:26 | call to user_input | semmle.label | call to user_input | -| constructors.cpp:35:11:35:26 | Foo output argument [b_] | semmle.label | Foo output argument [b_] | +| constructors.cpp:35:11:35:26 | Argument this [post update] [b_] | semmle.label | Argument this [post update] [b_] | | constructors.cpp:35:11:35:26 | call to user_input | semmle.label | call to user_input | | constructors.cpp:35:14:35:23 | call to user_input | semmle.label | call to user_input | | constructors.cpp:36:11:36:20 | call to user_input | semmle.label | call to user_input | -| constructors.cpp:36:11:36:37 | Foo output argument [a_] | semmle.label | Foo output argument [a_] | -| constructors.cpp:36:11:36:37 | Foo output argument [b_] | semmle.label | Foo output argument [b_] | +| constructors.cpp:36:11:36:37 | Argument this [post update] [a_] | semmle.label | Argument this [post update] [a_] | +| constructors.cpp:36:11:36:37 | Argument this [post update] [b_] | semmle.label | Argument this [post update] [b_] | | constructors.cpp:36:11:36:37 | call to user_input | semmle.label | call to user_input | | constructors.cpp:36:11:36:37 | call to user_input | semmle.label | call to user_input | | constructors.cpp:36:25:36:34 | call to user_input | semmle.label | call to user_input | -| constructors.cpp:40:9:40:9 | f indirection [a_] | semmle.label | f indirection [a_] | -| constructors.cpp:43:9:43:9 | g indirection [b_] | semmle.label | g indirection [b_] | -| constructors.cpp:46:9:46:9 | h indirection [a_] | semmle.label | h indirection [a_] | -| constructors.cpp:46:9:46:9 | h indirection [b_] | semmle.label | h indirection [b_] | -| simple.cpp:18:9:18:9 | *#this [a_] | semmle.label | *#this [a_] | -| simple.cpp:18:9:18:9 | *#this [b_] | semmle.label | *#this [b_] | -| simple.cpp:18:22:18:23 | Store | semmle.label | Store | -| simple.cpp:19:9:19:9 | *#this [b_] | semmle.label | *#this [b_] | -| simple.cpp:19:22:19:23 | Store | semmle.label | Store | +| constructors.cpp:40:5:40:7 | f [a_] | semmle.label | f [a_] | +| constructors.cpp:43:5:43:7 | g [b_] | semmle.label | g [b_] | +| constructors.cpp:46:5:46:7 | h [a_] | semmle.label | h [a_] | +| constructors.cpp:46:5:46:7 | h [b_] | semmle.label | h [b_] | +| qualifiers.cpp:9:21:9:25 | value | semmle.label | value | +| qualifiers.cpp:9:30:9:33 | this [post update] [a] | semmle.label | this [post update] [a] | +| qualifiers.cpp:9:36:9:36 | a [post update] | semmle.label | a [post update] | +| qualifiers.cpp:12:40:12:44 | value | semmle.label | value | +| qualifiers.cpp:12:49:12:53 | inner [post update] [a] | semmle.label | inner [post update] [a] | +| qualifiers.cpp:12:56:12:56 | a [post update] | semmle.label | a [post update] | +| qualifiers.cpp:13:42:13:46 | value | semmle.label | value | +| qualifiers.cpp:13:51:13:55 | (reference dereference) [post update] [a] | semmle.label | (reference dereference) [post update] [a] | +| qualifiers.cpp:13:51:13:55 | inner [post update] [a] | semmle.label | inner [post update] [a] | +| qualifiers.cpp:13:57:13:57 | a [post update] | semmle.label | a [post update] | +| qualifiers.cpp:22:11:22:18 | call to getInner [post update] [a] | semmle.label | call to getInner [post update] [a] | +| qualifiers.cpp:22:11:22:18 | outer [post update] [inner, a] | semmle.label | outer [post update] [inner, a] | +| qualifiers.cpp:22:23:22:23 | a [post update] | semmle.label | a [post update] | +| qualifiers.cpp:22:27:22:36 | call to user_input | semmle.label | call to user_input | +| qualifiers.cpp:23:10:23:14 | outer [read] [inner, a] | semmle.label | outer [read] [inner, a] | +| qualifiers.cpp:23:16:23:20 | FieldAddress [read] [a] | semmle.label | FieldAddress [read] [a] | +| qualifiers.cpp:23:16:23:20 | inner [read] [a] | semmle.label | inner [read] [a] | +| qualifiers.cpp:23:23:23:23 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| qualifiers.cpp:23:23:23:23 | a | semmle.label | a | +| qualifiers.cpp:27:11:27:18 | call to getInner [post update] [a] | semmle.label | call to getInner [post update] [a] | +| qualifiers.cpp:27:11:27:18 | outer [post update] [inner, a] | semmle.label | outer [post update] [inner, a] | +| qualifiers.cpp:27:23:27:26 | call to getInner [post update] [a] | semmle.label | call to getInner [post update] [a] | +| qualifiers.cpp:27:23:27:26 | call to user_input | semmle.label | call to user_input | +| qualifiers.cpp:27:28:27:37 | call to user_input | semmle.label | call to user_input | +| qualifiers.cpp:28:10:28:14 | outer [read] [inner, a] | semmle.label | outer [read] [inner, a] | +| qualifiers.cpp:28:16:28:20 | FieldAddress [read] [a] | semmle.label | FieldAddress [read] [a] | +| qualifiers.cpp:28:16:28:20 | inner [read] [a] | semmle.label | inner [read] [a] | +| qualifiers.cpp:28:23:28:23 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| qualifiers.cpp:28:23:28:23 | a | semmle.label | a | +| qualifiers.cpp:32:5:32:15 | call to getInner [post update] [a] | semmle.label | call to getInner [post update] [a] | +| qualifiers.cpp:32:5:32:15 | call to user_input | semmle.label | call to user_input | +| qualifiers.cpp:32:23:32:30 | call to getInner [post update] [a] | semmle.label | call to getInner [post update] [a] | +| qualifiers.cpp:32:23:32:30 | outer [post update] [inner, a] | semmle.label | outer [post update] [inner, a] | +| qualifiers.cpp:32:35:32:44 | call to user_input | semmle.label | call to user_input | +| qualifiers.cpp:33:10:33:14 | outer [read] [inner, a] | semmle.label | outer [read] [inner, a] | +| qualifiers.cpp:33:16:33:20 | FieldAddress [read] [a] | semmle.label | FieldAddress [read] [a] | +| qualifiers.cpp:33:16:33:20 | inner [read] [a] | semmle.label | inner [read] [a] | +| qualifiers.cpp:33:23:33:23 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| qualifiers.cpp:33:23:33:23 | a | semmle.label | a | +| qualifiers.cpp:37:5:37:17 | * ... [post update] [a] | semmle.label | * ... [post update] [a] | +| qualifiers.cpp:37:5:37:17 | call to user_input | semmle.label | call to user_input | +| qualifiers.cpp:37:26:37:33 | call to getInner [post update] [a] | semmle.label | call to getInner [post update] [a] | +| qualifiers.cpp:37:26:37:33 | outer [post update] [inner, a] | semmle.label | outer [post update] [inner, a] | +| qualifiers.cpp:37:38:37:47 | call to user_input | semmle.label | call to user_input | +| qualifiers.cpp:38:10:38:14 | outer [read] [inner, a] | semmle.label | outer [read] [inner, a] | +| qualifiers.cpp:38:16:38:20 | FieldAddress [read] [a] | semmle.label | FieldAddress [read] [a] | +| qualifiers.cpp:38:16:38:20 | inner [read] [a] | semmle.label | inner [read] [a] | +| qualifiers.cpp:38:23:38:23 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| qualifiers.cpp:38:23:38:23 | a | semmle.label | a | +| qualifiers.cpp:42:6:42:22 | * ... [post update] [a] | semmle.label | * ... [post update] [a] | +| qualifiers.cpp:42:13:42:20 | call to getInner [post update] [a] | semmle.label | call to getInner [post update] [a] | +| qualifiers.cpp:42:13:42:20 | outer [post update] [inner, a] | semmle.label | outer [post update] [inner, a] | +| qualifiers.cpp:42:25:42:25 | a [post update] | semmle.label | a [post update] | +| qualifiers.cpp:42:29:42:38 | call to user_input | semmle.label | call to user_input | +| qualifiers.cpp:43:10:43:14 | outer [read] [inner, a] | semmle.label | outer [read] [inner, a] | +| qualifiers.cpp:43:16:43:20 | FieldAddress [read] [a] | semmle.label | FieldAddress [read] [a] | +| qualifiers.cpp:43:16:43:20 | inner [read] [a] | semmle.label | inner [read] [a] | +| qualifiers.cpp:43:23:43:23 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| qualifiers.cpp:43:23:43:23 | a | semmle.label | a | +| qualifiers.cpp:47:15:47:22 | & ... [post update] [inner, a] | semmle.label | & ... [post update] [inner, a] | +| qualifiers.cpp:47:15:47:22 | call to getInner [post update] [a] | semmle.label | call to getInner [post update] [a] | +| qualifiers.cpp:47:27:47:27 | a [post update] | semmle.label | a [post update] | +| qualifiers.cpp:47:31:47:40 | call to user_input | semmle.label | call to user_input | +| qualifiers.cpp:48:10:48:14 | outer [read] [inner, a] | semmle.label | outer [read] [inner, a] | +| qualifiers.cpp:48:16:48:20 | FieldAddress [read] [a] | semmle.label | FieldAddress [read] [a] | +| qualifiers.cpp:48:16:48:20 | inner [read] [a] | semmle.label | inner [read] [a] | +| qualifiers.cpp:48:23:48:23 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| qualifiers.cpp:48:23:48:23 | a | semmle.label | a | +| realistic.cpp:53:9:53:11 | foo [post update] [bar, baz, userInput, bufferLen] | semmle.label | foo [post update] [bar, baz, userInput, bufferLen] | +| realistic.cpp:53:9:53:18 | access to array [post update] [baz, userInput, bufferLen] | semmle.label | access to array [post update] [baz, userInput, bufferLen] | +| realistic.cpp:53:13:53:15 | bar [post update] [baz, userInput, bufferLen] | semmle.label | bar [post update] [baz, userInput, bufferLen] | +| realistic.cpp:53:20:53:22 | FieldAddress [post update] [userInput, bufferLen] | semmle.label | FieldAddress [post update] [userInput, bufferLen] | +| realistic.cpp:53:20:53:22 | baz [post update] [userInput, bufferLen] | semmle.label | baz [post update] [userInput, bufferLen] | +| realistic.cpp:53:25:53:33 | userInput [post update] [bufferLen] | semmle.label | userInput [post update] [bufferLen] | +| realistic.cpp:53:35:53:43 | bufferLen [post update] | semmle.label | bufferLen [post update] | +| realistic.cpp:53:47:53:66 | (size_t)... | semmle.label | (size_t)... | +| realistic.cpp:53:55:53:64 | call to user_input | semmle.label | call to user_input | +| realistic.cpp:61:14:61:55 | (void *)... | semmle.label | (void *)... | +| realistic.cpp:61:21:61:23 | foo [read] [bar, baz, userInput, bufferLen] | semmle.label | foo [read] [bar, baz, userInput, bufferLen] | +| realistic.cpp:61:21:61:30 | access to array [read] [baz, userInput, bufferLen] | semmle.label | access to array [read] [baz, userInput, bufferLen] | +| realistic.cpp:61:25:61:27 | bar [read] [baz, userInput, bufferLen] | semmle.label | bar [read] [baz, userInput, bufferLen] | +| realistic.cpp:61:32:61:34 | FieldAddress [read] [userInput, bufferLen] | semmle.label | FieldAddress [read] [userInput, bufferLen] | +| realistic.cpp:61:32:61:34 | baz [read] [userInput, bufferLen] | semmle.label | baz [read] [userInput, bufferLen] | +| realistic.cpp:61:37:61:45 | userInput [read] [bufferLen] | semmle.label | userInput [read] [bufferLen] | +| realistic.cpp:61:47:61:55 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| simple.cpp:18:9:18:9 | ReturnValue | semmle.label | ReturnValue | +| simple.cpp:18:9:18:9 | this [a_] | semmle.label | this [a_] | +| simple.cpp:18:22:18:23 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| simple.cpp:18:22:18:23 | this [read] [a_] | semmle.label | this [read] [a_] | +| simple.cpp:19:9:19:9 | ReturnValue | semmle.label | ReturnValue | +| simple.cpp:19:9:19:9 | this [b_] | semmle.label | this [b_] | +| simple.cpp:19:22:19:23 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| simple.cpp:19:22:19:23 | this [read] [b_] | semmle.label | this [read] [b_] | | simple.cpp:20:19:20:19 | a | semmle.label | a | -| simple.cpp:20:24:20:29 | Chi [a_] | semmle.label | Chi [a_] | +| simple.cpp:20:24:20:25 | a_ [post update] | semmle.label | a_ [post update] | +| simple.cpp:20:24:20:25 | this [post update] [a_] | semmle.label | this [post update] [a_] | | simple.cpp:21:10:21:13 | *#this [a_] | semmle.label | *#this [a_] | +| simple.cpp:21:10:21:13 | ReturnIndirection [a_] | semmle.label | ReturnIndirection [a_] | | simple.cpp:21:19:21:19 | b | semmle.label | b | -| simple.cpp:21:24:21:29 | Chi [a_] | semmle.label | Chi [a_] | -| simple.cpp:21:24:21:29 | Chi [b_] | semmle.label | Chi [b_] | -| simple.cpp:26:15:26:15 | *f [a_] | semmle.label | *f [a_] | -| simple.cpp:26:15:26:15 | *f [b_] | semmle.label | *f [b_] | -| simple.cpp:28:10:28:10 | a output argument [b_] | semmle.label | a output argument [b_] | -| simple.cpp:28:10:28:10 | f indirection [a_] | semmle.label | f indirection [a_] | -| simple.cpp:28:10:28:10 | f indirection [b_] | semmle.label | f indirection [b_] | +| simple.cpp:21:24:21:25 | b_ [post update] | semmle.label | b_ [post update] | +| simple.cpp:21:24:21:25 | this [post update] [b_] | semmle.label | this [post update] [b_] | +| simple.cpp:26:15:26:15 | f [a_] | semmle.label | f [a_] | +| simple.cpp:26:15:26:15 | f [b_] | semmle.label | f [b_] | | simple.cpp:28:12:28:12 | call to a | semmle.label | call to a | -| simple.cpp:29:10:29:10 | f indirection [b_] | semmle.label | f indirection [b_] | +| simple.cpp:28:12:28:12 | f [a_] | semmle.label | f [a_] | | simple.cpp:29:12:29:12 | call to b | semmle.label | call to b | -| simple.cpp:39:5:39:5 | setA output argument [a_] | semmle.label | setA output argument [a_] | +| simple.cpp:29:12:29:12 | f [b_] | semmle.label | f [b_] | | simple.cpp:39:7:39:10 | call to user_input | semmle.label | call to user_input | +| simple.cpp:39:7:39:10 | f [post update] [a_] | semmle.label | f [post update] [a_] | | simple.cpp:39:12:39:21 | call to user_input | semmle.label | call to user_input | -| simple.cpp:40:5:40:5 | setB output argument [b_] | semmle.label | setB output argument [b_] | | simple.cpp:40:7:40:10 | call to user_input | semmle.label | call to user_input | +| simple.cpp:40:7:40:10 | g [post update] [b_] | semmle.label | g [post update] [b_] | | simple.cpp:40:12:40:21 | call to user_input | semmle.label | call to user_input | -| simple.cpp:41:5:41:5 | setA output argument [a_] | semmle.label | setA output argument [a_] | | simple.cpp:41:7:41:10 | call to user_input | semmle.label | call to user_input | +| simple.cpp:41:7:41:10 | h [post update] [a_] | semmle.label | h [post update] [a_] | | simple.cpp:41:12:41:21 | call to user_input | semmle.label | call to user_input | | simple.cpp:42:5:42:5 | h indirection [a_] | semmle.label | h indirection [a_] | | simple.cpp:42:5:42:5 | setB output argument [a_] | semmle.label | setB output argument [a_] | -| simple.cpp:42:5:42:5 | setB output argument [b_] | semmle.label | setB output argument [b_] | | simple.cpp:42:7:42:10 | call to user_input | semmle.label | call to user_input | +| simple.cpp:42:7:42:10 | h [post update] [b_] | semmle.label | h [post update] [b_] | | simple.cpp:42:12:42:21 | call to user_input | semmle.label | call to user_input | -| simple.cpp:45:9:45:9 | f indirection [a_] | semmle.label | f indirection [a_] | -| simple.cpp:48:9:48:9 | g indirection [b_] | semmle.label | g indirection [b_] | -| simple.cpp:51:9:51:9 | h indirection [a_] | semmle.label | h indirection [a_] | -| simple.cpp:51:9:51:9 | h indirection [b_] | semmle.label | h indirection [b_] | -| simple.cpp:65:5:65:22 | Store [i] | semmle.label | Store [i] | +| simple.cpp:45:5:45:7 | f [a_] | semmle.label | f [a_] | +| simple.cpp:48:5:48:7 | g [b_] | semmle.label | g [b_] | +| simple.cpp:51:5:51:7 | h [a_] | semmle.label | h [a_] | +| simple.cpp:51:5:51:7 | h [b_] | semmle.label | h [b_] | +| simple.cpp:65:5:65:5 | a [post update] [i] | semmle.label | a [post update] [i] | +| simple.cpp:65:7:65:7 | i [post update] | semmle.label | i [post update] | | simple.cpp:65:11:65:20 | call to user_input | semmle.label | call to user_input | -| simple.cpp:66:12:66:12 | Store [i] | semmle.label | Store [i] | +| simple.cpp:67:10:67:11 | a2 [read] [i] | semmle.label | a2 [read] [i] | +| simple.cpp:67:13:67:13 | FieldAddress [read] | semmle.label | FieldAddress [read] | | simple.cpp:67:13:67:13 | i | semmle.label | i | -| simple.cpp:78:9:78:15 | *#this [f1] | semmle.label | *#this [f1] | -| simple.cpp:79:19:79:20 | Store | semmle.label | Store | -| simple.cpp:83:9:83:28 | Store [f1] | semmle.label | Store [f1] | +| simple.cpp:78:9:78:15 | ReturnValue | semmle.label | ReturnValue | +| simple.cpp:78:9:78:15 | this [f2, f1] | semmle.label | this [f2, f1] | +| simple.cpp:79:16:79:17 | f2 [read] [f1] | semmle.label | f2 [read] [f1] | +| simple.cpp:79:16:79:17 | this [read] [f2, f1] | semmle.label | this [read] [f2, f1] | +| simple.cpp:79:19:79:20 | FieldAddress [read] | semmle.label | FieldAddress [read] | +| simple.cpp:83:9:83:10 | f2 [post update] [f1] | semmle.label | f2 [post update] [f1] | +| simple.cpp:83:9:83:10 | this [post update] [f2, f1] | semmle.label | this [post update] [f2, f1] | +| simple.cpp:83:12:83:13 | f1 [post update] | semmle.label | f1 [post update] | | simple.cpp:83:17:83:26 | call to user_input | semmle.label | call to user_input | | simple.cpp:84:14:84:20 | call to getf2f1 | semmle.label | call to getf2f1 | -| simple.cpp:84:14:84:20 | this indirection [f1] | semmle.label | this indirection [f1] | -| simple.cpp:92:5:92:22 | Store [i] | semmle.label | Store [i] | +| simple.cpp:84:14:84:20 | this [f2, f1] | semmle.label | this [f2, f1] | +| simple.cpp:92:5:92:5 | a [post update] [i] | semmle.label | a [post update] [i] | +| simple.cpp:92:7:92:7 | i [post update] | semmle.label | i [post update] | | simple.cpp:92:11:92:20 | call to user_input | semmle.label | call to user_input | -| simple.cpp:93:20:93:20 | Store [i] | semmle.label | Store [i] | +| simple.cpp:94:10:94:11 | a2 [read] [i] | semmle.label | a2 [read] [i] | +| simple.cpp:94:13:94:13 | FieldAddress [read] | semmle.label | FieldAddress [read] | | simple.cpp:94:13:94:13 | i | semmle.label | i | | struct_init.c:14:24:14:25 | *ab [a] | semmle.label | *ab [a] | +| struct_init.c:14:24:14:25 | ab [a] | semmle.label | ab [a] | +| struct_init.c:15:8:15:9 | ab [read] [a] | semmle.label | ab [read] [a] | +| struct_init.c:15:12:15:12 | FieldAddress [read] | semmle.label | FieldAddress [read] | | struct_init.c:15:12:15:12 | a | semmle.label | a | -| struct_init.c:20:20:20:29 | Chi [a] | semmle.label | Chi [a] | +| struct_init.c:20:13:20:14 | VariableAddress [post update] [a] | semmle.label | VariableAddress [post update] [a] | +| struct_init.c:20:17:20:36 | FieldAddress [post update] | semmle.label | FieldAddress [post update] | | struct_init.c:20:20:20:29 | call to user_input | semmle.label | call to user_input | +| struct_init.c:22:8:22:9 | ab [read] [a] | semmle.label | ab [read] [a] | +| struct_init.c:22:11:22:11 | FieldAddress [read] | semmle.label | FieldAddress [read] | | struct_init.c:22:11:22:11 | a | semmle.label | a | | struct_init.c:24:10:24:12 | & ... indirection [a] | semmle.label | & ... indirection [a] | -| struct_init.c:27:7:27:16 | Chi [a] | semmle.label | Chi [a] | +| struct_init.c:26:16:26:20 | VariableAddress [post update] [nestedAB, a] | semmle.label | VariableAddress [post update] [nestedAB, a] | +| struct_init.c:26:23:29:3 | FieldAddress [post update] [a] | semmle.label | FieldAddress [post update] [a] | +| struct_init.c:27:5:27:23 | FieldAddress [post update] | semmle.label | FieldAddress [post update] | | struct_init.c:27:7:27:16 | call to user_input | semmle.label | call to user_input | +| struct_init.c:31:8:31:12 | outer [read] [nestedAB, a] | semmle.label | outer [read] [nestedAB, a] | +| struct_init.c:31:14:31:21 | nestedAB [read] [a] | semmle.label | nestedAB [read] [a] | +| struct_init.c:31:23:31:23 | FieldAddress [read] | semmle.label | FieldAddress [read] | | struct_init.c:31:23:31:23 | a | semmle.label | a | -| struct_init.c:36:10:36:24 | & ... indirection [a] | semmle.label | & ... indirection [a] | +| struct_init.c:36:3:36:8 | & ... [a] | semmle.label | & ... [a] | +| struct_init.c:36:11:36:15 | outer [read] [nestedAB, a] | semmle.label | outer [read] [nestedAB, a] | +| struct_init.c:36:17:36:24 | nestedAB [read] [a] | semmle.label | nestedAB [read] [a] | subpaths -| A.cpp:55:8:55:10 | new | A.cpp:27:17:27:17 | c | A.cpp:27:22:27:32 | Chi [c] | A.cpp:55:5:55:5 | set output argument [c] | -| A.cpp:56:10:56:10 | b indirection [c] | A.cpp:28:8:28:10 | *#this [c] | A.cpp:28:29:28:29 | Store | A.cpp:56:13:56:15 | call to get | -| A.cpp:57:10:57:25 | new indirection [c] | A.cpp:28:8:28:10 | *#this [c] | A.cpp:28:29:28:29 | Store | A.cpp:57:28:57:30 | call to get | -| A.cpp:57:11:57:24 | new | A.cpp:23:10:23:10 | c | A.cpp:25:7:25:17 | Chi [c] | A.cpp:57:11:57:24 | B output argument [c] | -| A.cpp:126:8:126:10 | new | A.cpp:27:17:27:17 | c | A.cpp:27:22:27:32 | Chi [c] | A.cpp:126:5:126:5 | set output argument [c] | -| A.cpp:151:12:151:24 | b | A.cpp:140:13:140:13 | b | A.cpp:143:7:143:31 | Chi [b] | A.cpp:151:12:151:24 | D output argument [b] | -| by_reference.cpp:20:11:20:21 | value | by_reference.cpp:15:26:15:30 | value | by_reference.cpp:16:5:16:19 | Chi [a] | by_reference.cpp:20:5:20:8 | setDirectly output argument [a] | -| by_reference.cpp:24:5:24:17 | value | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:12:5:12:16 | Chi [a] | by_reference.cpp:24:19:24:22 | nonMemberSetA output argument [a] | -| by_reference.cpp:40:12:40:15 | this indirection [a] | by_reference.cpp:35:9:35:19 | *#this [a] | by_reference.cpp:36:18:36:18 | Store | by_reference.cpp:40:18:40:28 | call to getDirectly | -| by_reference.cpp:44:26:44:29 | this indirection [a] | by_reference.cpp:31:46:31:46 | *s [a] | by_reference.cpp:32:15:32:15 | Store | by_reference.cpp:44:12:44:24 | call to nonMemberGetA | -| by_reference.cpp:50:5:50:15 | call to user_input | by_reference.cpp:15:26:15:30 | value | by_reference.cpp:16:5:16:19 | Chi [a] | by_reference.cpp:50:3:50:3 | setDirectly output argument [a] | -| by_reference.cpp:51:8:51:8 | s indirection [a] | by_reference.cpp:35:9:35:19 | *#this [a] | by_reference.cpp:36:18:36:18 | Store | by_reference.cpp:51:10:51:20 | call to getDirectly | -| by_reference.cpp:56:5:56:17 | call to user_input | by_reference.cpp:19:28:19:32 | value | by_reference.cpp:20:5:20:8 | Chi [a] | by_reference.cpp:56:3:56:3 | setIndirectly output argument [a] | -| by_reference.cpp:57:8:57:8 | s indirection [a] | by_reference.cpp:39:9:39:21 | *#this [a] | by_reference.cpp:40:18:40:28 | Store | by_reference.cpp:57:10:57:22 | call to getIndirectly | -| by_reference.cpp:62:5:62:23 | call to user_input | by_reference.cpp:23:34:23:38 | value | by_reference.cpp:24:19:24:22 | Chi [a] | by_reference.cpp:62:3:62:3 | setThroughNonMember output argument [a] | -| by_reference.cpp:63:8:63:8 | s indirection [a] | by_reference.cpp:43:9:43:27 | *#this [a] | by_reference.cpp:44:12:44:24 | Store | by_reference.cpp:63:10:63:28 | call to getThroughNonMember | -| by_reference.cpp:68:3:68:15 | call to user_input | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:12:5:12:16 | Chi [a] | by_reference.cpp:68:17:68:18 | nonMemberSetA output argument [a] | -| by_reference.cpp:69:22:69:23 | & ... indirection [a] | by_reference.cpp:31:46:31:46 | *s [a] | by_reference.cpp:32:15:32:15 | Store | by_reference.cpp:69:8:69:20 | call to nonMemberGetA | -| complex.cpp:42:16:42:16 | f indirection [a_] | complex.cpp:9:7:9:7 | *#this [a_] | complex.cpp:9:20:9:21 | Store | complex.cpp:42:18:42:18 | call to a | -| complex.cpp:42:16:42:16 | f indirection [b_] | complex.cpp:9:7:9:7 | *#this [b_] | complex.cpp:9:7:9:7 | *#this [b_] | complex.cpp:42:16:42:16 | a output argument [b_] | -| complex.cpp:43:16:43:16 | f indirection [b_] | complex.cpp:10:7:10:7 | *#this [b_] | complex.cpp:10:20:10:21 | Store | complex.cpp:43:18:43:18 | call to b | -| complex.cpp:53:14:53:17 | call to user_input | complex.cpp:11:17:11:17 | a | complex.cpp:11:22:11:27 | Chi [a_] | complex.cpp:53:12:53:12 | setA output argument [a_] | -| complex.cpp:54:14:54:17 | call to user_input | complex.cpp:12:17:12:17 | b | complex.cpp:12:22:12:27 | Chi [b_] | complex.cpp:54:12:54:12 | setB output argument [b_] | -| complex.cpp:55:14:55:17 | call to user_input | complex.cpp:11:17:11:17 | a | complex.cpp:11:22:11:27 | Chi [a_] | complex.cpp:55:12:55:12 | setA output argument [a_] | -| complex.cpp:56:12:56:12 | f indirection [a_] | complex.cpp:12:8:12:11 | *#this [a_] | complex.cpp:12:22:12:27 | Chi [a_] | complex.cpp:56:12:56:12 | setB output argument [a_] | -| complex.cpp:56:14:56:17 | call to user_input | complex.cpp:12:17:12:17 | b | complex.cpp:12:22:12:27 | Chi [b_] | complex.cpp:56:12:56:12 | setB output argument [b_] | -| constructors.cpp:28:10:28:10 | f indirection [a_] | constructors.cpp:18:9:18:9 | *#this [a_] | constructors.cpp:18:22:18:23 | Store | constructors.cpp:28:12:28:12 | call to a | -| constructors.cpp:28:10:28:10 | f indirection [b_] | constructors.cpp:18:9:18:9 | *#this [b_] | constructors.cpp:18:9:18:9 | *#this [b_] | constructors.cpp:28:10:28:10 | a output argument [b_] | -| constructors.cpp:29:10:29:10 | f indirection [b_] | constructors.cpp:19:9:19:9 | *#this [b_] | constructors.cpp:19:22:19:23 | Store | constructors.cpp:29:12:29:12 | call to b | -| constructors.cpp:34:11:34:26 | call to user_input | constructors.cpp:23:13:23:13 | a | constructors.cpp:23:35:23:35 | Chi [a_] | constructors.cpp:34:11:34:26 | Foo output argument [a_] | -| constructors.cpp:35:11:35:26 | call to user_input | constructors.cpp:23:20:23:20 | b | constructors.cpp:23:35:23:35 | Chi [b_] | constructors.cpp:35:11:35:26 | Foo output argument [b_] | -| constructors.cpp:36:11:36:37 | call to user_input | constructors.cpp:23:13:23:13 | a | constructors.cpp:23:35:23:35 | Chi [a_] | constructors.cpp:36:11:36:37 | Foo output argument [a_] | -| constructors.cpp:36:11:36:37 | call to user_input | constructors.cpp:23:20:23:20 | b | constructors.cpp:23:35:23:35 | Chi [b_] | constructors.cpp:36:11:36:37 | Foo output argument [b_] | -| simple.cpp:28:10:28:10 | f indirection [a_] | simple.cpp:18:9:18:9 | *#this [a_] | simple.cpp:18:22:18:23 | Store | simple.cpp:28:12:28:12 | call to a | -| simple.cpp:28:10:28:10 | f indirection [b_] | simple.cpp:18:9:18:9 | *#this [b_] | simple.cpp:18:9:18:9 | *#this [b_] | simple.cpp:28:10:28:10 | a output argument [b_] | -| simple.cpp:29:10:29:10 | f indirection [b_] | simple.cpp:19:9:19:9 | *#this [b_] | simple.cpp:19:22:19:23 | Store | simple.cpp:29:12:29:12 | call to b | -| simple.cpp:39:7:39:10 | call to user_input | simple.cpp:20:19:20:19 | a | simple.cpp:20:24:20:29 | Chi [a_] | simple.cpp:39:5:39:5 | setA output argument [a_] | -| simple.cpp:40:7:40:10 | call to user_input | simple.cpp:21:19:21:19 | b | simple.cpp:21:24:21:29 | Chi [b_] | simple.cpp:40:5:40:5 | setB output argument [b_] | -| simple.cpp:41:7:41:10 | call to user_input | simple.cpp:20:19:20:19 | a | simple.cpp:20:24:20:29 | Chi [a_] | simple.cpp:41:5:41:5 | setA output argument [a_] | -| simple.cpp:42:5:42:5 | h indirection [a_] | simple.cpp:21:10:21:13 | *#this [a_] | simple.cpp:21:24:21:29 | Chi [a_] | simple.cpp:42:5:42:5 | setB output argument [a_] | -| simple.cpp:42:7:42:10 | call to user_input | simple.cpp:21:19:21:19 | b | simple.cpp:21:24:21:29 | Chi [b_] | simple.cpp:42:5:42:5 | setB output argument [b_] | -| simple.cpp:84:14:84:20 | this indirection [f1] | simple.cpp:78:9:78:15 | *#this [f1] | simple.cpp:79:19:79:20 | Store | simple.cpp:84:14:84:20 | call to getf2f1 | +| A.cpp:31:14:31:21 | c | A.cpp:23:10:23:10 | c | A.cpp:25:7:25:10 | this [post update] [c] | A.cpp:31:14:31:21 | new [post update] [c] | +| A.cpp:48:12:48:18 | c | A.cpp:29:23:29:23 | c | A.cpp:29:15:29:18 | ReturnValue [c] | A.cpp:48:12:48:18 | call to make [c] | +| A.cpp:55:8:55:10 | new | A.cpp:27:17:27:17 | c | A.cpp:27:22:27:25 | this [post update] [c] | A.cpp:55:8:55:10 | b [post update] [c] | +| A.cpp:56:13:56:15 | b [c] | A.cpp:28:8:28:10 | this [c] | A.cpp:28:8:28:10 | ReturnValue | A.cpp:56:13:56:15 | call to get | +| A.cpp:57:11:57:24 | new | A.cpp:23:10:23:10 | c | A.cpp:25:7:25:10 | this [post update] [c] | A.cpp:57:11:57:24 | new [post update] [c] | +| A.cpp:57:28:57:30 | new [c] | A.cpp:28:8:28:10 | this [c] | A.cpp:28:8:28:10 | ReturnValue | A.cpp:57:28:57:30 | call to get | +| A.cpp:64:10:64:15 | new | A.cpp:85:26:85:26 | c | A.cpp:85:9:85:14 | ReturnValue [c] | A.cpp:64:10:64:15 | call to setOnB [c] | +| A.cpp:73:10:73:19 | new | A.cpp:78:27:78:27 | c | A.cpp:78:6:78:15 | ReturnValue [c] | A.cpp:73:10:73:19 | call to setOnBWrap [c] | +| A.cpp:81:10:81:15 | c | A.cpp:85:26:85:26 | c | A.cpp:85:9:85:14 | ReturnValue [c] | A.cpp:81:10:81:15 | call to setOnB [c] | +| A.cpp:90:11:90:13 | c | A.cpp:27:17:27:17 | c | A.cpp:27:22:27:25 | this [post update] [c] | A.cpp:90:11:90:13 | b2 [post update] [c] | +| A.cpp:126:8:126:10 | new | A.cpp:27:17:27:17 | c | A.cpp:27:22:27:25 | this [post update] [c] | A.cpp:126:8:126:10 | b [post update] [c] | +| A.cpp:151:12:151:24 | b | A.cpp:140:13:140:13 | b | A.cpp:143:7:143:10 | this [post update] [b] | A.cpp:151:12:151:24 | new [post update] [b] | +| A.cpp:160:18:160:60 | b | A.cpp:181:15:181:21 | newHead | A.cpp:183:7:183:10 | this [post update] [head] | A.cpp:160:18:160:60 | new [post update] [head] | +| A.cpp:161:18:161:40 | l1 [head] | A.cpp:181:32:181:35 | next [head] | A.cpp:184:7:184:10 | this [post update] [next, head] | A.cpp:161:18:161:40 | new [post update] [next, head] | +| A.cpp:162:18:162:40 | l2 [next, head] | A.cpp:181:32:181:35 | next [next, head] | A.cpp:184:7:184:10 | this [post update] [next, next, head] | A.cpp:162:18:162:40 | new [post update] [next, next, head] | +| B.cpp:7:16:7:35 | e | B.cpp:33:16:33:17 | e1 | B.cpp:35:7:35:10 | this [post update] [elem1] | B.cpp:7:16:7:35 | new [post update] [elem1] | +| B.cpp:8:16:8:27 | b1 [elem1] | B.cpp:44:16:44:17 | b1 [elem1] | B.cpp:46:7:46:10 | this [post update] [box1, elem1] | B.cpp:8:16:8:27 | new [post update] [box1, elem1] | +| B.cpp:16:16:16:38 | e | B.cpp:33:26:33:27 | e2 | B.cpp:36:7:36:10 | this [post update] [elem2] | B.cpp:16:16:16:38 | new [post update] [elem2] | +| B.cpp:17:16:17:27 | b1 [elem2] | B.cpp:44:16:44:17 | b1 [elem2] | B.cpp:46:7:46:10 | this [post update] [box1, elem2] | B.cpp:17:16:17:27 | new [post update] [box1, elem2] | +| D.cpp:22:14:22:20 | b2 [box, elem] | D.cpp:17:11:17:17 | this [box, elem] | D.cpp:17:11:17:17 | ReturnValue [elem] | D.cpp:22:14:22:20 | call to getBox1 [elem] | +| D.cpp:22:25:22:31 | call to getBox1 [elem] | D.cpp:10:11:10:17 | this [elem] | D.cpp:10:11:10:17 | ReturnValue | D.cpp:22:25:22:31 | call to getElem | +| D.cpp:37:13:37:19 | e | D.cpp:11:24:11:24 | e | D.cpp:11:29:11:32 | this [post update] [elem] | D.cpp:37:13:37:19 | box [post update] [elem] | +| D.cpp:51:19:51:25 | e | D.cpp:11:24:11:24 | e | D.cpp:11:29:11:32 | this [post update] [elem] | D.cpp:51:19:51:25 | call to getBox1 [post update] [elem] | +| by_reference.cpp:20:11:20:21 | value | by_reference.cpp:15:26:15:30 | value | by_reference.cpp:16:5:16:8 | this [post update] [a] | by_reference.cpp:20:11:20:21 | this [post update] [a] | +| by_reference.cpp:24:5:24:17 | value | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:12:5:12:5 | s [post update] [a] | by_reference.cpp:24:5:24:17 | this [post update] [a] | +| by_reference.cpp:40:18:40:28 | this [a] | by_reference.cpp:35:9:35:19 | this [a] | by_reference.cpp:35:9:35:19 | ReturnValue | by_reference.cpp:40:18:40:28 | call to getDirectly | +| by_reference.cpp:44:12:44:24 | this [a] | by_reference.cpp:31:46:31:46 | s [a] | by_reference.cpp:31:16:31:28 | ReturnValue | by_reference.cpp:44:12:44:24 | call to nonMemberGetA | +| by_reference.cpp:50:5:50:15 | call to user_input | by_reference.cpp:15:26:15:30 | value | by_reference.cpp:16:5:16:8 | this [post update] [a] | by_reference.cpp:50:5:50:15 | s [post update] [a] | +| by_reference.cpp:51:8:51:8 | s indirection [a] | by_reference.cpp:35:9:35:19 | *#this [a] | by_reference.cpp:35:9:35:19 | ReturnValue | by_reference.cpp:51:10:51:20 | call to getDirectly | +| by_reference.cpp:56:5:56:17 | call to user_input | by_reference.cpp:19:28:19:32 | value | by_reference.cpp:20:5:20:8 | this [post update] [a] | by_reference.cpp:56:5:56:17 | s [post update] [a] | +| by_reference.cpp:56:5:56:17 | call to user_input | by_reference.cpp:19:28:19:32 | value | by_reference.cpp:20:11:20:21 | this [post update] [a] | by_reference.cpp:56:5:56:17 | s [post update] [a] | +| by_reference.cpp:57:8:57:8 | s indirection [a] | by_reference.cpp:39:9:39:21 | *#this [a] | by_reference.cpp:39:9:39:21 | ReturnValue | by_reference.cpp:57:10:57:22 | call to getIndirectly | +| by_reference.cpp:62:5:62:23 | call to user_input | by_reference.cpp:23:34:23:38 | value | by_reference.cpp:24:5:24:17 | this [post update] [a] | by_reference.cpp:62:5:62:23 | s [post update] [a] | +| by_reference.cpp:62:5:62:23 | call to user_input | by_reference.cpp:23:34:23:38 | value | by_reference.cpp:24:19:24:22 | this [post update] [a] | by_reference.cpp:62:5:62:23 | s [post update] [a] | +| by_reference.cpp:63:8:63:8 | s indirection [a] | by_reference.cpp:43:9:43:27 | *#this [a] | by_reference.cpp:43:9:43:27 | ReturnValue | by_reference.cpp:63:10:63:28 | call to getThroughNonMember | +| by_reference.cpp:68:3:68:15 | call to user_input | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:12:5:12:5 | s [post update] [a] | by_reference.cpp:68:3:68:15 | & ... [post update] [a] | +| by_reference.cpp:69:22:69:23 | & ... indirection [a] | by_reference.cpp:31:46:31:46 | *s [a] | by_reference.cpp:31:16:31:28 | ReturnValue | by_reference.cpp:69:8:69:20 | call to nonMemberGetA | +| complex.cpp:42:18:42:18 | f [a_] | complex.cpp:9:7:9:7 | this [a_] | complex.cpp:9:7:9:7 | ReturnValue | complex.cpp:42:18:42:18 | call to a | +| complex.cpp:43:18:43:18 | f [b_] | complex.cpp:10:7:10:7 | this [b_] | complex.cpp:10:7:10:7 | ReturnValue | complex.cpp:43:18:43:18 | call to b | +| complex.cpp:53:14:53:17 | call to user_input | complex.cpp:11:17:11:17 | a | complex.cpp:11:22:11:23 | this [post update] [a_] | complex.cpp:53:14:53:17 | f [post update] [a_] | +| complex.cpp:54:14:54:17 | call to user_input | complex.cpp:12:17:12:17 | b | complex.cpp:12:22:12:23 | this [post update] [b_] | complex.cpp:54:14:54:17 | f [post update] [b_] | +| complex.cpp:55:14:55:17 | call to user_input | complex.cpp:11:17:11:17 | a | complex.cpp:11:22:11:23 | this [post update] [a_] | complex.cpp:55:14:55:17 | f [post update] [a_] | +| complex.cpp:56:14:56:17 | call to user_input | complex.cpp:12:17:12:17 | b | complex.cpp:12:22:12:23 | this [post update] [b_] | complex.cpp:56:14:56:17 | f [post update] [b_] | +| constructors.cpp:28:12:28:12 | f [a_] | constructors.cpp:18:9:18:9 | this [a_] | constructors.cpp:18:9:18:9 | ReturnValue | constructors.cpp:28:12:28:12 | call to a | +| constructors.cpp:29:12:29:12 | f [b_] | constructors.cpp:19:9:19:9 | this [b_] | constructors.cpp:19:9:19:9 | ReturnValue | constructors.cpp:29:12:29:12 | call to b | +| constructors.cpp:34:11:34:26 | call to user_input | constructors.cpp:23:13:23:13 | a | constructors.cpp:23:5:23:7 | this [post update] [a_] | constructors.cpp:34:11:34:26 | Argument this [post update] [a_] | +| constructors.cpp:35:11:35:26 | call to user_input | constructors.cpp:23:20:23:20 | b | constructors.cpp:23:5:23:7 | this [post update] [b_] | constructors.cpp:35:11:35:26 | Argument this [post update] [b_] | +| constructors.cpp:36:11:36:37 | call to user_input | constructors.cpp:23:13:23:13 | a | constructors.cpp:23:5:23:7 | this [post update] [a_] | constructors.cpp:36:11:36:37 | Argument this [post update] [a_] | +| constructors.cpp:36:11:36:37 | call to user_input | constructors.cpp:23:20:23:20 | b | constructors.cpp:23:5:23:7 | this [post update] [b_] | constructors.cpp:36:11:36:37 | Argument this [post update] [b_] | +| qualifiers.cpp:27:23:27:26 | call to user_input | qualifiers.cpp:9:21:9:25 | value | qualifiers.cpp:9:30:9:33 | this [post update] [a] | qualifiers.cpp:27:23:27:26 | call to getInner [post update] [a] | +| qualifiers.cpp:32:5:32:15 | call to user_input | qualifiers.cpp:12:40:12:44 | value | qualifiers.cpp:12:49:12:53 | inner [post update] [a] | qualifiers.cpp:32:5:32:15 | call to getInner [post update] [a] | +| qualifiers.cpp:37:5:37:17 | call to user_input | qualifiers.cpp:13:42:13:46 | value | qualifiers.cpp:13:51:13:55 | (reference dereference) [post update] [a] | qualifiers.cpp:37:5:37:17 | * ... [post update] [a] | +| qualifiers.cpp:37:5:37:17 | call to user_input | qualifiers.cpp:13:42:13:46 | value | qualifiers.cpp:13:51:13:55 | inner [post update] [a] | qualifiers.cpp:37:5:37:17 | * ... [post update] [a] | +| simple.cpp:28:12:28:12 | f [a_] | simple.cpp:18:9:18:9 | this [a_] | simple.cpp:18:9:18:9 | ReturnValue | simple.cpp:28:12:28:12 | call to a | +| simple.cpp:29:12:29:12 | f [b_] | simple.cpp:19:9:19:9 | this [b_] | simple.cpp:19:9:19:9 | ReturnValue | simple.cpp:29:12:29:12 | call to b | +| simple.cpp:39:7:39:10 | call to user_input | simple.cpp:20:19:20:19 | a | simple.cpp:20:24:20:25 | this [post update] [a_] | simple.cpp:39:7:39:10 | f [post update] [a_] | +| simple.cpp:40:7:40:10 | call to user_input | simple.cpp:21:19:21:19 | b | simple.cpp:21:24:21:25 | this [post update] [b_] | simple.cpp:40:7:40:10 | g [post update] [b_] | +| simple.cpp:41:7:41:10 | call to user_input | simple.cpp:20:19:20:19 | a | simple.cpp:20:24:20:25 | this [post update] [a_] | simple.cpp:41:7:41:10 | h [post update] [a_] | +| simple.cpp:42:5:42:5 | h indirection [a_] | simple.cpp:21:10:21:13 | *#this [a_] | simple.cpp:21:10:21:13 | ReturnIndirection [a_] | simple.cpp:42:5:42:5 | setB output argument [a_] | +| simple.cpp:42:7:42:10 | call to user_input | simple.cpp:21:19:21:19 | b | simple.cpp:21:24:21:25 | this [post update] [b_] | simple.cpp:42:7:42:10 | h [post update] [b_] | +| simple.cpp:84:14:84:20 | this [f2, f1] | simple.cpp:78:9:78:15 | this [f2, f1] | simple.cpp:78:9:78:15 | ReturnValue | simple.cpp:84:14:84:20 | call to getf2f1 | #select +| A.cpp:49:10:49:13 | (void *)... | A.cpp:47:12:47:18 | new | A.cpp:49:10:49:13 | (void *)... | (void *)... flows from $@ | A.cpp:47:12:47:18 | new | new | +| A.cpp:56:10:56:17 | (void *)... | A.cpp:55:12:55:19 | (C *)... | A.cpp:56:10:56:17 | (void *)... | (void *)... flows from $@ | A.cpp:55:12:55:19 | (C *)... | (C *)... | +| A.cpp:56:10:56:17 | (void *)... | A.cpp:55:12:55:19 | new | A.cpp:56:10:56:17 | (void *)... | (void *)... flows from $@ | A.cpp:55:12:55:19 | new | new | | A.cpp:56:13:56:15 | call to get | A.cpp:55:12:55:19 | (C *)... | A.cpp:56:13:56:15 | call to get | call to get flows from $@ | A.cpp:55:12:55:19 | (C *)... | (C *)... | | A.cpp:56:13:56:15 | call to get | A.cpp:55:12:55:19 | new | A.cpp:56:13:56:15 | call to get | call to get flows from $@ | A.cpp:55:12:55:19 | new | new | +| A.cpp:57:10:57:32 | (void *)... | A.cpp:57:17:57:23 | new | A.cpp:57:10:57:32 | (void *)... | (void *)... flows from $@ | A.cpp:57:17:57:23 | new | new | | A.cpp:57:28:57:30 | call to get | A.cpp:57:17:57:23 | new | A.cpp:57:28:57:30 | call to get | call to get flows from $@ | A.cpp:57:17:57:23 | new | new | -| A.cpp:107:16:107:16 | a | A.cpp:98:12:98:18 | new | A.cpp:107:16:107:16 | a | a flows from $@ | A.cpp:98:12:98:18 | new | new | -| A.cpp:132:13:132:13 | c | A.cpp:126:12:126:18 | new | A.cpp:132:13:132:13 | c | c flows from $@ | A.cpp:126:12:126:18 | new | new | -| A.cpp:152:13:152:13 | b | A.cpp:143:25:143:31 | new | A.cpp:152:13:152:13 | b | b flows from $@ | A.cpp:143:25:143:31 | new | new | -| A.cpp:152:13:152:13 | b | A.cpp:150:12:150:18 | new | A.cpp:152:13:152:13 | b | b flows from $@ | A.cpp:150:12:150:18 | new | new | -| A.cpp:154:13:154:13 | c | A.cpp:142:14:142:20 | new | A.cpp:154:13:154:13 | c | c flows from $@ | A.cpp:142:14:142:20 | new | new | +| A.cpp:66:10:66:14 | (void *)... | A.cpp:64:21:64:28 | (C *)... | A.cpp:66:10:66:14 | (void *)... | (void *)... flows from $@ | A.cpp:64:21:64:28 | (C *)... | (C *)... | +| A.cpp:66:10:66:14 | (void *)... | A.cpp:64:21:64:28 | new | A.cpp:66:10:66:14 | (void *)... | (void *)... flows from $@ | A.cpp:64:21:64:28 | new | new | +| A.cpp:75:10:75:14 | (void *)... | A.cpp:73:25:73:32 | (C *)... | A.cpp:75:10:75:14 | (void *)... | (void *)... flows from $@ | A.cpp:73:25:73:32 | (C *)... | (C *)... | +| A.cpp:75:10:75:14 | (void *)... | A.cpp:73:25:73:32 | new | A.cpp:75:10:75:14 | (void *)... | (void *)... flows from $@ | A.cpp:73:25:73:32 | new | new | +| A.cpp:107:12:107:16 | (void *)... | A.cpp:98:12:98:18 | new | A.cpp:107:12:107:16 | (void *)... | (void *)... flows from $@ | A.cpp:98:12:98:18 | new | new | +| A.cpp:120:12:120:16 | (void *)... | A.cpp:98:12:98:18 | new | A.cpp:120:12:120:16 | (void *)... | (void *)... flows from $@ | A.cpp:98:12:98:18 | new | new | +| A.cpp:132:10:132:13 | (void *)... | A.cpp:126:12:126:18 | new | A.cpp:132:10:132:13 | (void *)... | (void *)... flows from $@ | A.cpp:126:12:126:18 | new | new | +| A.cpp:152:10:152:13 | (void *)... | A.cpp:143:25:143:31 | new | A.cpp:152:10:152:13 | (void *)... | (void *)... flows from $@ | A.cpp:143:25:143:31 | new | new | +| A.cpp:152:10:152:13 | (void *)... | A.cpp:150:12:150:18 | new | A.cpp:152:10:152:13 | (void *)... | (void *)... flows from $@ | A.cpp:150:12:150:18 | new | new | +| A.cpp:153:10:153:16 | (void *)... | A.cpp:142:14:142:20 | new | A.cpp:153:10:153:16 | (void *)... | (void *)... flows from $@ | A.cpp:142:14:142:20 | new | new | +| A.cpp:154:10:154:13 | (void *)... | A.cpp:142:14:142:20 | new | A.cpp:154:10:154:13 | (void *)... | (void *)... flows from $@ | A.cpp:142:14:142:20 | new | new | +| A.cpp:165:10:165:29 | (void *)... | A.cpp:159:12:159:18 | new | A.cpp:165:10:165:29 | (void *)... | (void *)... flows from $@ | A.cpp:159:12:159:18 | new | new | +| A.cpp:169:12:169:18 | (void *)... | A.cpp:159:12:159:18 | new | A.cpp:169:12:169:18 | (void *)... | (void *)... flows from $@ | A.cpp:159:12:159:18 | new | new | +| B.cpp:9:10:9:24 | (void *)... | B.cpp:6:15:6:24 | new | B.cpp:9:10:9:24 | (void *)... | (void *)... flows from $@ | B.cpp:6:15:6:24 | new | new | +| B.cpp:19:10:19:24 | (void *)... | B.cpp:15:15:15:27 | new | B.cpp:19:10:19:24 | (void *)... | (void *)... flows from $@ | B.cpp:15:15:15:27 | new | new | | C.cpp:29:10:29:11 | s1 | C.cpp:22:12:22:21 | new | C.cpp:29:10:29:11 | s1 | s1 flows from $@ | C.cpp:22:12:22:21 | new | new | -| C.cpp:31:10:31:11 | s3 | C.cpp:24:16:24:25 | new | C.cpp:31:10:31:11 | s3 | s3 flows from $@ | C.cpp:24:16:24:25 | new | new | +| D.cpp:22:10:22:33 | (void *)... | D.cpp:28:15:28:24 | new | D.cpp:22:10:22:33 | (void *)... | (void *)... flows from $@ | D.cpp:28:15:28:24 | new | new | +| D.cpp:22:10:22:33 | (void *)... | D.cpp:35:15:35:24 | new | D.cpp:22:10:22:33 | (void *)... | (void *)... flows from $@ | D.cpp:35:15:35:24 | new | new | +| D.cpp:22:10:22:33 | (void *)... | D.cpp:42:15:42:24 | new | D.cpp:22:10:22:33 | (void *)... | (void *)... flows from $@ | D.cpp:42:15:42:24 | new | new | +| D.cpp:22:10:22:33 | (void *)... | D.cpp:49:15:49:24 | new | D.cpp:22:10:22:33 | (void *)... | (void *)... flows from $@ | D.cpp:49:15:49:24 | new | new | +| D.cpp:22:25:22:31 | call to getElem | D.cpp:28:15:28:24 | new | D.cpp:22:25:22:31 | call to getElem | call to getElem flows from $@ | D.cpp:28:15:28:24 | new | new | +| D.cpp:22:25:22:31 | call to getElem | D.cpp:35:15:35:24 | new | D.cpp:22:25:22:31 | call to getElem | call to getElem flows from $@ | D.cpp:35:15:35:24 | new | new | +| D.cpp:22:25:22:31 | call to getElem | D.cpp:42:15:42:24 | new | D.cpp:22:25:22:31 | call to getElem | call to getElem flows from $@ | D.cpp:42:15:42:24 | new | new | +| D.cpp:22:25:22:31 | call to getElem | D.cpp:49:15:49:24 | new | D.cpp:22:25:22:31 | call to getElem | call to getElem flows from $@ | D.cpp:49:15:49:24 | new | new | +| D.cpp:64:10:64:28 | (void *)... | D.cpp:56:15:56:24 | new | D.cpp:64:10:64:28 | (void *)... | (void *)... flows from $@ | D.cpp:56:15:56:24 | new | new | +| E.cpp:21:18:21:23 | buffer | E.cpp:30:21:30:33 | argument_source output argument | E.cpp:21:18:21:23 | buffer | buffer flows from $@ | E.cpp:30:21:30:33 | argument_source output argument | argument_source output argument | +| E.cpp:31:10:31:12 | raw | E.cpp:28:21:28:23 | argument_source output argument | E.cpp:31:10:31:12 | raw | raw flows from $@ | E.cpp:28:21:28:23 | argument_source output argument | argument_source output argument | +| E.cpp:32:13:32:18 | buffer | E.cpp:29:21:29:29 | argument_source output argument | E.cpp:32:13:32:18 | buffer | buffer flows from $@ | E.cpp:29:21:29:29 | argument_source output argument | argument_source output argument | | aliasing.cpp:29:11:29:12 | m1 | aliasing.cpp:9:11:9:20 | call to user_input | aliasing.cpp:29:11:29:12 | m1 | m1 flows from $@ | aliasing.cpp:9:11:9:20 | call to user_input | call to user_input | | aliasing.cpp:30:11:30:12 | m1 | aliasing.cpp:13:10:13:19 | call to user_input | aliasing.cpp:30:11:30:12 | m1 | m1 flows from $@ | aliasing.cpp:13:10:13:19 | call to user_input | call to user_input | -| aliasing.cpp:38:11:38:12 | m1 | aliasing.cpp:37:13:37:22 | call to user_input | aliasing.cpp:38:11:38:12 | m1 | m1 flows from $@ | aliasing.cpp:37:13:37:22 | call to user_input | call to user_input | -| aliasing.cpp:43:13:43:14 | m1 | aliasing.cpp:42:11:42:20 | call to user_input | aliasing.cpp:43:13:43:14 | m1 | m1 flows from $@ | aliasing.cpp:42:11:42:20 | call to user_input | call to user_input | | aliasing.cpp:62:14:62:15 | m1 | aliasing.cpp:60:11:60:20 | call to user_input | aliasing.cpp:62:14:62:15 | m1 | m1 flows from $@ | aliasing.cpp:60:11:60:20 | call to user_input | call to user_input | -| aliasing.cpp:80:12:80:13 | m1 | aliasing.cpp:79:11:79:20 | call to user_input | aliasing.cpp:80:12:80:13 | m1 | m1 flows from $@ | aliasing.cpp:79:11:79:20 | call to user_input | call to user_input | -| aliasing.cpp:87:12:87:13 | m1 | aliasing.cpp:86:10:86:19 | call to user_input | aliasing.cpp:87:12:87:13 | m1 | m1 flows from $@ | aliasing.cpp:86:10:86:19 | call to user_input | call to user_input | | aliasing.cpp:93:12:93:13 | m1 | aliasing.cpp:92:12:92:21 | call to user_input | aliasing.cpp:93:12:93:13 | m1 | m1 flows from $@ | aliasing.cpp:92:12:92:21 | call to user_input | call to user_input | -| aliasing.cpp:102:8:102:10 | * ... | aliasing.cpp:98:10:98:19 | call to user_input | aliasing.cpp:102:8:102:10 | * ... | * ... flows from $@ | aliasing.cpp:98:10:98:19 | call to user_input | call to user_input | -| aliasing.cpp:122:8:122:12 | access to array | aliasing.cpp:106:9:106:18 | call to user_input | aliasing.cpp:122:8:122:12 | access to array | access to array flows from $@ | aliasing.cpp:106:9:106:18 | call to user_input | call to user_input | -| aliasing.cpp:132:8:132:14 | * ... | aliasing.cpp:106:9:106:18 | call to user_input | aliasing.cpp:132:8:132:14 | * ... | * ... flows from $@ | aliasing.cpp:106:9:106:18 | call to user_input | call to user_input | -| aliasing.cpp:137:8:137:11 | * ... | aliasing.cpp:106:9:106:18 | call to user_input | aliasing.cpp:137:8:137:11 | * ... | * ... flows from $@ | aliasing.cpp:106:9:106:18 | call to user_input | call to user_input | +| aliasing.cpp:143:8:143:16 | access to array | aliasing.cpp:106:9:106:18 | call to user_input | aliasing.cpp:143:8:143:16 | access to array | access to array flows from $@ | aliasing.cpp:106:9:106:18 | call to user_input | call to user_input | +| aliasing.cpp:159:8:159:14 | * ... | aliasing.cpp:106:9:106:18 | call to user_input | aliasing.cpp:159:8:159:14 | * ... | * ... flows from $@ | aliasing.cpp:106:9:106:18 | call to user_input | call to user_input | +| aliasing.cpp:165:8:165:16 | access to array | aliasing.cpp:106:9:106:18 | call to user_input | aliasing.cpp:165:8:165:16 | access to array | access to array flows from $@ | aliasing.cpp:106:9:106:18 | call to user_input | call to user_input | | aliasing.cpp:176:13:176:14 | m1 | aliasing.cpp:106:9:106:18 | call to user_input | aliasing.cpp:176:13:176:14 | m1 | m1 flows from $@ | aliasing.cpp:106:9:106:18 | call to user_input | call to user_input | | aliasing.cpp:189:15:189:16 | m1 | aliasing.cpp:106:9:106:18 | call to user_input | aliasing.cpp:189:15:189:16 | m1 | m1 flows from $@ | aliasing.cpp:106:9:106:18 | call to user_input | call to user_input | | aliasing.cpp:201:15:201:16 | m1 | aliasing.cpp:106:9:106:18 | call to user_input | aliasing.cpp:201:15:201:16 | m1 | m1 flows from $@ | aliasing.cpp:106:9:106:18 | call to user_input | call to user_input | | arrays.cpp:7:8:7:13 | access to array | arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:7:8:7:13 | access to array | access to array flows from $@ | arrays.cpp:6:12:6:21 | call to user_input | call to user_input | +| arrays.cpp:8:8:8:13 | access to array | arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:8:8:8:13 | access to array | access to array flows from $@ | arrays.cpp:6:12:6:21 | call to user_input | call to user_input | | arrays.cpp:9:8:9:11 | * ... | arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:9:8:9:11 | * ... | * ... flows from $@ | arrays.cpp:6:12:6:21 | call to user_input | call to user_input | | arrays.cpp:10:8:10:15 | * ... | arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:10:8:10:15 | * ... | * ... flows from $@ | arrays.cpp:6:12:6:21 | call to user_input | call to user_input | | arrays.cpp:16:8:16:13 | access to array | arrays.cpp:15:14:15:23 | call to user_input | arrays.cpp:16:8:16:13 | access to array | access to array flows from $@ | arrays.cpp:15:14:15:23 | call to user_input | call to user_input | +| arrays.cpp:17:8:17:13 | access to array | arrays.cpp:15:14:15:23 | call to user_input | arrays.cpp:17:8:17:13 | access to array | access to array flows from $@ | arrays.cpp:15:14:15:23 | call to user_input | call to user_input | | arrays.cpp:37:24:37:27 | data | arrays.cpp:36:26:36:35 | call to user_input | arrays.cpp:37:24:37:27 | data | data flows from $@ | arrays.cpp:36:26:36:35 | call to user_input | call to user_input | +| arrays.cpp:38:24:38:27 | data | arrays.cpp:36:26:36:35 | call to user_input | arrays.cpp:38:24:38:27 | data | data flows from $@ | arrays.cpp:36:26:36:35 | call to user_input | call to user_input | +| arrays.cpp:43:27:43:30 | data | arrays.cpp:42:29:42:38 | call to user_input | arrays.cpp:43:27:43:30 | data | data flows from $@ | arrays.cpp:42:29:42:38 | call to user_input | call to user_input | +| arrays.cpp:44:27:44:30 | data | arrays.cpp:42:29:42:38 | call to user_input | arrays.cpp:44:27:44:30 | data | data flows from $@ | arrays.cpp:42:29:42:38 | call to user_input | call to user_input | +| arrays.cpp:49:27:49:30 | data | arrays.cpp:48:29:48:38 | call to user_input | arrays.cpp:49:27:49:30 | data | data flows from $@ | arrays.cpp:48:29:48:38 | call to user_input | call to user_input | +| arrays.cpp:50:27:50:30 | data | arrays.cpp:48:29:48:38 | call to user_input | arrays.cpp:50:27:50:30 | data | data flows from $@ | arrays.cpp:48:29:48:38 | call to user_input | call to user_input | | by_reference.cpp:51:10:51:20 | call to getDirectly | by_reference.cpp:50:17:50:26 | call to user_input | by_reference.cpp:51:10:51:20 | call to getDirectly | call to getDirectly flows from $@ | by_reference.cpp:50:17:50:26 | call to user_input | call to user_input | | by_reference.cpp:57:10:57:22 | call to getIndirectly | by_reference.cpp:56:19:56:28 | call to user_input | by_reference.cpp:57:10:57:22 | call to getIndirectly | call to getIndirectly flows from $@ | by_reference.cpp:56:19:56:28 | call to user_input | call to user_input | | by_reference.cpp:63:10:63:28 | call to getThroughNonMember | by_reference.cpp:62:25:62:34 | call to user_input | by_reference.cpp:63:10:63:28 | call to getThroughNonMember | call to getThroughNonMember flows from $@ | by_reference.cpp:62:25:62:34 | call to user_input | call to user_input | | by_reference.cpp:69:8:69:20 | call to nonMemberGetA | by_reference.cpp:68:21:68:30 | call to user_input | by_reference.cpp:69:8:69:20 | call to nonMemberGetA | call to nonMemberGetA flows from $@ | by_reference.cpp:68:21:68:30 | call to user_input | call to user_input | | by_reference.cpp:110:27:110:27 | a | by_reference.cpp:84:14:84:23 | call to user_input | by_reference.cpp:110:27:110:27 | a | a flows from $@ | by_reference.cpp:84:14:84:23 | call to user_input | call to user_input | +| by_reference.cpp:111:25:111:25 | a | by_reference.cpp:84:14:84:23 | call to user_input | by_reference.cpp:111:25:111:25 | a | a flows from $@ | by_reference.cpp:84:14:84:23 | call to user_input | call to user_input | | by_reference.cpp:112:14:112:14 | a | by_reference.cpp:92:9:92:18 | call to user_input | by_reference.cpp:112:14:112:14 | a | a flows from $@ | by_reference.cpp:92:9:92:18 | call to user_input | call to user_input | | by_reference.cpp:114:29:114:29 | a | by_reference.cpp:84:14:84:23 | call to user_input | by_reference.cpp:114:29:114:29 | a | a flows from $@ | by_reference.cpp:84:14:84:23 | call to user_input | call to user_input | +| by_reference.cpp:115:27:115:27 | a | by_reference.cpp:84:14:84:23 | call to user_input | by_reference.cpp:115:27:115:27 | a | a flows from $@ | by_reference.cpp:84:14:84:23 | call to user_input | call to user_input | | by_reference.cpp:116:16:116:16 | a | by_reference.cpp:92:9:92:18 | call to user_input | by_reference.cpp:116:16:116:16 | a | a flows from $@ | by_reference.cpp:92:9:92:18 | call to user_input | call to user_input | | by_reference.cpp:130:27:130:27 | a | by_reference.cpp:88:13:88:22 | call to user_input | by_reference.cpp:130:27:130:27 | a | a flows from $@ | by_reference.cpp:88:13:88:22 | call to user_input | call to user_input | +| by_reference.cpp:131:25:131:25 | a | by_reference.cpp:88:13:88:22 | call to user_input | by_reference.cpp:131:25:131:25 | a | a flows from $@ | by_reference.cpp:88:13:88:22 | call to user_input | call to user_input | | by_reference.cpp:132:14:132:14 | a | by_reference.cpp:96:8:96:17 | call to user_input | by_reference.cpp:132:14:132:14 | a | a flows from $@ | by_reference.cpp:96:8:96:17 | call to user_input | call to user_input | | by_reference.cpp:134:29:134:29 | a | by_reference.cpp:88:13:88:22 | call to user_input | by_reference.cpp:134:29:134:29 | a | a flows from $@ | by_reference.cpp:88:13:88:22 | call to user_input | call to user_input | +| by_reference.cpp:135:27:135:27 | a | by_reference.cpp:88:13:88:22 | call to user_input | by_reference.cpp:135:27:135:27 | a | a flows from $@ | by_reference.cpp:88:13:88:22 | call to user_input | call to user_input | | by_reference.cpp:136:16:136:16 | a | by_reference.cpp:96:8:96:17 | call to user_input | by_reference.cpp:136:16:136:16 | a | a flows from $@ | by_reference.cpp:96:8:96:17 | call to user_input | call to user_input | | complex.cpp:42:18:42:18 | call to a | complex.cpp:53:19:53:28 | call to user_input | complex.cpp:42:18:42:18 | call to a | call to a flows from $@ | complex.cpp:53:19:53:28 | call to user_input | call to user_input | | complex.cpp:42:18:42:18 | call to a | complex.cpp:55:19:55:28 | call to user_input | complex.cpp:42:18:42:18 | call to a | call to a flows from $@ | complex.cpp:55:19:55:28 | call to user_input | call to user_input | | complex.cpp:43:18:43:18 | call to b | complex.cpp:54:19:54:28 | call to user_input | complex.cpp:43:18:43:18 | call to b | call to b flows from $@ | complex.cpp:54:19:54:28 | call to user_input | call to user_input | | complex.cpp:43:18:43:18 | call to b | complex.cpp:56:19:56:28 | call to user_input | complex.cpp:43:18:43:18 | call to b | call to b flows from $@ | complex.cpp:56:19:56:28 | call to user_input | call to user_input | +| conflated.cpp:11:8:11:12 | * ... | conflated.cpp:10:11:10:20 | call to user_input | conflated.cpp:11:8:11:12 | * ... | * ... flows from $@ | conflated.cpp:10:11:10:20 | call to user_input | call to user_input | +| conflated.cpp:20:8:20:10 | (void *)... | conflated.cpp:19:19:19:21 | argument_source output argument | conflated.cpp:20:8:20:10 | (void *)... | (void *)... flows from $@ | conflated.cpp:19:19:19:21 | argument_source output argument | argument_source output argument | +| conflated.cpp:20:8:20:10 | raw | conflated.cpp:19:19:19:21 | argument_source output argument | conflated.cpp:20:8:20:10 | raw | raw flows from $@ | conflated.cpp:19:19:19:21 | argument_source output argument | argument_source output argument | +| conflated.cpp:30:12:30:12 | x | conflated.cpp:29:11:29:20 | call to user_input | conflated.cpp:30:12:30:12 | x | x flows from $@ | conflated.cpp:29:11:29:20 | call to user_input | call to user_input | +| conflated.cpp:37:12:37:12 | x | conflated.cpp:36:11:36:20 | call to user_input | conflated.cpp:37:12:37:12 | x | x flows from $@ | conflated.cpp:36:11:36:20 | call to user_input | call to user_input | +| conflated.cpp:55:18:55:18 | y | conflated.cpp:54:17:54:26 | call to user_input | conflated.cpp:55:18:55:18 | y | y flows from $@ | conflated.cpp:54:17:54:26 | call to user_input | call to user_input | +| conflated.cpp:61:18:61:18 | y | conflated.cpp:60:17:60:26 | call to user_input | conflated.cpp:61:18:61:18 | y | y flows from $@ | conflated.cpp:60:17:60:26 | call to user_input | call to user_input | | constructors.cpp:28:12:28:12 | call to a | constructors.cpp:34:11:34:20 | call to user_input | constructors.cpp:28:12:28:12 | call to a | call to a flows from $@ | constructors.cpp:34:11:34:20 | call to user_input | call to user_input | | constructors.cpp:28:12:28:12 | call to a | constructors.cpp:36:11:36:20 | call to user_input | constructors.cpp:28:12:28:12 | call to a | call to a flows from $@ | constructors.cpp:36:11:36:20 | call to user_input | call to user_input | | constructors.cpp:29:12:29:12 | call to b | constructors.cpp:35:14:35:23 | call to user_input | constructors.cpp:29:12:29:12 | call to b | call to b flows from $@ | constructors.cpp:35:14:35:23 | call to user_input | call to user_input | | constructors.cpp:29:12:29:12 | call to b | constructors.cpp:36:25:36:34 | call to user_input | constructors.cpp:29:12:29:12 | call to b | call to b flows from $@ | constructors.cpp:36:25:36:34 | call to user_input | call to user_input | +| qualifiers.cpp:23:23:23:23 | a | qualifiers.cpp:22:27:22:36 | call to user_input | qualifiers.cpp:23:23:23:23 | a | a flows from $@ | qualifiers.cpp:22:27:22:36 | call to user_input | call to user_input | +| qualifiers.cpp:28:23:28:23 | a | qualifiers.cpp:27:28:27:37 | call to user_input | qualifiers.cpp:28:23:28:23 | a | a flows from $@ | qualifiers.cpp:27:28:27:37 | call to user_input | call to user_input | +| qualifiers.cpp:33:23:33:23 | a | qualifiers.cpp:32:35:32:44 | call to user_input | qualifiers.cpp:33:23:33:23 | a | a flows from $@ | qualifiers.cpp:32:35:32:44 | call to user_input | call to user_input | +| qualifiers.cpp:38:23:38:23 | a | qualifiers.cpp:37:38:37:47 | call to user_input | qualifiers.cpp:38:23:38:23 | a | a flows from $@ | qualifiers.cpp:37:38:37:47 | call to user_input | call to user_input | +| qualifiers.cpp:43:23:43:23 | a | qualifiers.cpp:42:29:42:38 | call to user_input | qualifiers.cpp:43:23:43:23 | a | a flows from $@ | qualifiers.cpp:42:29:42:38 | call to user_input | call to user_input | +| qualifiers.cpp:48:23:48:23 | a | qualifiers.cpp:47:31:47:40 | call to user_input | qualifiers.cpp:48:23:48:23 | a | a flows from $@ | qualifiers.cpp:47:31:47:40 | call to user_input | call to user_input | +| realistic.cpp:61:14:61:55 | (void *)... | realistic.cpp:53:47:53:66 | (size_t)... | realistic.cpp:61:14:61:55 | (void *)... | (void *)... flows from $@ | realistic.cpp:53:47:53:66 | (size_t)... | (size_t)... | +| realistic.cpp:61:14:61:55 | (void *)... | realistic.cpp:53:55:53:64 | call to user_input | realistic.cpp:61:14:61:55 | (void *)... | (void *)... flows from $@ | realistic.cpp:53:55:53:64 | call to user_input | call to user_input | | simple.cpp:28:12:28:12 | call to a | simple.cpp:39:12:39:21 | call to user_input | simple.cpp:28:12:28:12 | call to a | call to a flows from $@ | simple.cpp:39:12:39:21 | call to user_input | call to user_input | | simple.cpp:28:12:28:12 | call to a | simple.cpp:41:12:41:21 | call to user_input | simple.cpp:28:12:28:12 | call to a | call to a flows from $@ | simple.cpp:41:12:41:21 | call to user_input | call to user_input | | simple.cpp:29:12:29:12 | call to b | simple.cpp:40:12:40:21 | call to user_input | simple.cpp:29:12:29:12 | call to b | call to b flows from $@ | simple.cpp:40:12:40:21 | call to user_input | call to user_input | diff --git a/cpp/ql/test/library-tests/dataflow/fields/qualifiers.cpp b/cpp/ql/test/library-tests/dataflow/fields/qualifiers.cpp index 18798c1f5fe..3b5b8c32b61 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/qualifiers.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/qualifiers.cpp @@ -20,31 +20,31 @@ namespace qualifiers { void assignToGetter(Outer outer) { outer.getInner()->a = user_input(); - sink(outer.inner->a); // $ ast MISSING: ir + sink(outer.inner->a); // $ ast,ir } void getterArgument1(Outer outer) { outer.getInner()->setA(user_input()); - sink(outer.inner->a); // $ ast MISSING: ir + sink(outer.inner->a); // $ ast,ir } void getterArgument2(Outer outer) { pointerSetA(outer.getInner(), user_input()); - sink(outer.inner->a); // $ ast MISSING: ir + sink(outer.inner->a); // $ ast,ir } void getterArgument2Ref(Outer outer) { referenceSetA(*outer.getInner(), user_input()); - sink(outer.inner->a); // $ ast MISSING: ir + sink(outer.inner->a); // $ ast,ir } void assignToGetterStar(Outer outer) { (*outer.getInner()).a = user_input(); - sink(outer.inner->a); // $ ast MISSING: ir + sink(outer.inner->a); // $ ast,ir } void assignToGetterAmp(Outer outer) { (&outer)->getInner()->a = user_input(); - sink(outer.inner->a); // $ ast MISSING: ir + sink(outer.inner->a); // $ ast,ir } } \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/fields/realistic.cpp b/cpp/ql/test/library-tests/dataflow/fields/realistic.cpp index 89f1b4f6248..a185382914f 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/realistic.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/realistic.cpp @@ -58,7 +58,7 @@ int main(int argc, char** argv) { return -1; } memcpy(dst, foo.bar[i].baz->userInput.buffer, foo.bar[i].baz->userInput.bufferLen); - sink((void*)foo.bar[i].baz->userInput.bufferLen); // $ ast MISSING: ir + sink((void*)foo.bar[i].baz->userInput.bufferLen); // $ ast ir=53:47 ir=53:55 // There is no flow to the following two `sink` calls because the // source is the _pointer_ returned by `user_input` rather than the // _data_ to which it points. diff --git a/cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.expected b/cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.expected index 2b1b021716b..ac95d5659a3 100644 --- a/cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.expected +++ b/cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.expected @@ -10,6 +10,10 @@ | test.cpp:49:23:49:28 | call to getenv | test.cpp:50:29:50:40 | envStrGlobal | AST only | | test.cpp:49:23:49:28 | call to getenv | test.cpp:52:2:52:12 | * ... | AST only | | test.cpp:49:23:49:28 | call to getenv | test.cpp:52:3:52:12 | envStr_ptr | AST only | +| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:6:54:35 | ! ... | AST only | +| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:7:54:12 | call to strcmp | AST only | +| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:7:54:35 | (bool)... | AST only | +| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:14:54:25 | envStrGlobal | AST only | | test.cpp:60:29:60:34 | call to getenv | test.cpp:10:27:10:27 | s | AST only | | test.cpp:60:29:60:34 | call to getenv | test.cpp:60:18:60:25 | userName | AST only | | test.cpp:68:28:68:33 | call to getenv | test.cpp:11:20:11:21 | s1 | AST only | diff --git a/cpp/ql/test/library-tests/dataflow/security-taint/tainted_ir.expected b/cpp/ql/test/library-tests/dataflow/security-taint/tainted_ir.expected index fb19ea7fc9f..01d8f5092ed 100644 --- a/cpp/ql/test/library-tests/dataflow/security-taint/tainted_ir.expected +++ b/cpp/ql/test/library-tests/dataflow/security-taint/tainted_ir.expected @@ -14,10 +14,6 @@ | test.cpp:49:23:49:28 | call to getenv | test.cpp:49:23:49:28 | call to getenv | | test.cpp:49:23:49:28 | call to getenv | test.cpp:49:23:49:40 | (const char *)... | | test.cpp:49:23:49:28 | call to getenv | test.cpp:52:16:52:21 | envStr | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:6:54:35 | ! ... | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:7:54:12 | call to strcmp | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:7:54:35 | (bool)... | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:14:54:25 | envStrGlobal | | test.cpp:60:29:60:34 | call to getenv | test.cpp:60:29:60:34 | call to getenv | | test.cpp:60:29:60:34 | call to getenv | test.cpp:60:29:60:47 | (const char *)... | | test.cpp:60:29:60:34 | call to getenv | test.cpp:64:25:64:32 | userName | diff --git a/cpp/ql/test/library-tests/dataflow/smart-pointers-taint/test.cpp b/cpp/ql/test/library-tests/dataflow/smart-pointers-taint/test.cpp index bd24f0e72f2..7836bc01c8e 100644 --- a/cpp/ql/test/library-tests/dataflow/smart-pointers-taint/test.cpp +++ b/cpp/ql/test/library-tests/dataflow/smart-pointers-taint/test.cpp @@ -7,7 +7,7 @@ void test_unique_ptr_int() { std::unique_ptr p1(new int(source())); std::unique_ptr p2 = std::make_unique(source()); - sink(*p1); // $ ir MISSING: ast + sink(*p1); // $ MISSING: ast,ir sink(*p2); // $ ast ir=8:50 } @@ -21,7 +21,7 @@ void test_unique_ptr_struct() { std::unique_ptr p1(new A{source(), 0}); std::unique_ptr p2 = std::make_unique(source(), 0); - sink(p1->x); // $ ir MISSING: ast + sink(p1->x); // $ MISSING: ast,ir sink(p1->y); sink(p2->x); // $ MISSING: ast,ir sink(p2->y); @@ -31,7 +31,7 @@ void test_shared_ptr_int() { std::shared_ptr p1(new int(source())); std::shared_ptr p2 = std::make_shared(source()); - sink(*p1); // $ ast ir + sink(*p1); // $ ast MISSING: ir sink(*p2); // $ ast ir=32:50 } @@ -39,7 +39,7 @@ void test_shared_ptr_struct() { std::shared_ptr p1(new A{source(), 0}); std::shared_ptr p2 = std::make_shared(source(), 0); - sink(p1->x); // $ ir MISSING: ast + sink(p1->x); // $ MISSING: ast,ir sink(p1->y); sink(p2->x); // $ MISSING: ast,ir sink(p2->y); diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/arrayassignment.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/arrayassignment.cpp index dbec5f52d56..011c6bc1fe7 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/arrayassignment.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/arrayassignment.cpp @@ -13,10 +13,10 @@ void test_pointer_deref_assignment() *p_x = source(); - sink(x); // $ ir MISSING: ast + sink(x); // $ MISSING: ast,ir sink(*p_x); // $ ast,ir - sink(*p2_x); // $ ir MISSING: ast - sink(r_x); // $ ir MISSING: ast + sink(*p2_x); // $ MISSING: ast,ir + sink(r_x); // $ MISSING: ast,ir } void test_reference_deref_assignment() @@ -28,10 +28,10 @@ void test_reference_deref_assignment() r_x = source(); - sink(x); // $ ir MISSING: ast - sink(*p_x); // $ ir MISSING: ast + sink(x); // $ MISSING: ast,ir + sink(*p_x); // $ MISSING: ast,ir sink(r_x); // $ ast,ir - sink(r2_x); // $ ir MISSING: ast + sink(r2_x); // $ MISSING: ast,ir } class MyInt @@ -53,7 +53,7 @@ void test_myint_member_assignment() mi.i = source(); - sink(mi); // $ ir MISSING: ast + sink(mi); // $ MISSING: ast,ir sink(mi.get()); // $ ast,ir } @@ -107,7 +107,7 @@ void test_myarray_method_assignment() ma.get(0) = source(); - sink(ma.get(0)); // $ MISSING: ast,ir + sink(ma.get(0)); // $ ir MISSING: ast } void test_myarray_overloaded_assignment() @@ -133,15 +133,15 @@ void test_array_reference_assignment() ref1 = source(); sink(ref1); // $ ast,ir - sink(arr1[5]); // $ ir MISSING: ast + sink(arr1[5]); // $ MISSING: ast,ir ptr2 = &(arr2[5]); *ptr2 = source(); sink(*ptr2); // $ ast,ir - sink(arr2[5]); // $ ir MISSING: ast + sink(arr2[5]); // $ MISSING: ast,ir ptr3 = arr3; ptr3[5] = source(); sink(ptr3[5]); // $ ast,ir - sink(arr3[5]); // $ ir MISSING: ast + sink(arr3[5]); // $ MISSING: ast,ir } diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/map.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/map.cpp index 4e85a6b9aa3..e044dbb62a5 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/map.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/map.cpp @@ -28,12 +28,12 @@ void test_pair() b.first = source(); sink(b.first); // $ ast,ir sink(b.second); - sink(b); // $ MISSING: ast,ir + sink(b); // $ ir MISSING: ast c.second = source(); sink(c.first); sink(c.second); // $ ast,ir - sink(c); // $ MISSING: ast,ir + sink(c); // $ ir MISSING: ast std::pair d("123", "456"); sink(d.first); @@ -43,21 +43,21 @@ void test_pair() std::pair e(source(), "456"); sink(e.first); // $ ast,ir sink(e.second); - sink(e); // $ MISSING: ast,ir + sink(e); // $ ir MISSING: ast std::pair f("123", source()); - sink(f.first); // $ SPURIOUS: ir + sink(f.first); sink(f.second); // $ ast,ir sink(f); // $ ast,ir std::pair g(f); - sink(g.first); // $ SPURIOUS: ir + sink(g.first); sink(g.second); // $ ast,ir sink(g); // $ ast,ir std::pair h; h = f; - sink(h.first); // $ SPURIOUS: ir + sink(h.first); sink(h.second); // $ ast,ir sink(h); // $ ast,ir @@ -67,17 +67,17 @@ void test_pair() std::pair l("123", "456"); i.swap(j); k.swap(l); - sink(i.first); // $ SPURIOUS: ir - sink(i.second); // $ ir MISSING: ast + sink(i.first); + sink(i.second); // $ MISSING: ast,ir sink(i); // $ ast,ir - sink(j.first); // $ SPURIOUS: ir + sink(j.first); sink(j.second); // $ SPURIOUS: ast,ir sink(j); // $ SPURIOUS: ast,ir - sink(k.first); // $ SPURIOUS: ir + sink(k.first); sink(k.second); // $ SPURIOUS: ast,ir sink(k); // $ SPURIOUS: ast,ir - sink(l.first); // $ SPURIOUS: ir - sink(l.second); // $ ir MISSING: ast + sink(l.first); + sink(l.second); // $ MISSING: ast,ir sink(l); // $ ast,ir sink(make_pair("123", "456")); @@ -87,7 +87,7 @@ void test_pair() sink(make_pair(source(), "456").first); // $ ast,ir sink(make_pair(source(), "456").second); sink(make_pair("123", source())); // $ ast,ir - sink(make_pair("123", source()).first); // $ SPURIOUS: ir + sink(make_pair("123", source()).first); sink(make_pair("123", source()).second); // $ ast,ir std::pair, char *> m; @@ -105,10 +105,10 @@ void test_map() std::map m1, m2, m3, m4, m5, m6; sink(m1.insert(std::make_pair("abc", "def")).first); - sink(m2.insert(std::make_pair("abc", source())).first); // $ SPURIOUS: ir + sink(m2.insert(std::make_pair("abc", source())).first); sink(m3.insert(std::make_pair(source(), "def")).first); // $ MISSING: ast,ir sink(m4.insert(m4.begin(), std::pair("abc", source()))); // $ ast,ir - sink(m5.insert_or_assign("abc", source()).first); // $ SPURIOUS: ir + sink(m5.insert_or_assign("abc", source()).first); sink(m6.insert_or_assign(m6.begin(), "abc", source())); // $ ast,ir sink(m1); sink(m2); // $ ast,ir @@ -169,9 +169,9 @@ void test_map() sink(m12.at("abc") = "def"); sink(m13.at("abc") = source()); // $ ast,ir sink(m10["abc"]); - sink(m11["abc"]); // $ ast MISSING: ir + sink(m11["abc"]); // $ ast,ir sink(m12["abc"]); - sink(m13["abc"]); // $ ast MISSING: ir + sink(m13["abc"]); // $ ast,ir // ranges std::map m14; @@ -179,12 +179,12 @@ void test_map() m14.insert(std::make_pair("b", source())); m14.insert(std::make_pair("c", source())); m14.insert(std::make_pair("d", "d")); - sink(m2.lower_bound("b")); // $ ast,ir - sink(m2.upper_bound("b")); // $ ast,ir - sink(m2.equal_range("b").first); // $ ir - sink(m2.equal_range("b").second); // $ ir MISSING: ast - sink(m2.upper_bound("c")); // $ SPURIOUS: ast,ir - sink(m2.equal_range("c").second); // $ SPURIOUS: ir + sink(m2.lower_bound("b")); // $ ast MISSING: ir + sink(m2.upper_bound("b")); // $ ast MISSING: ir + sink(m2.equal_range("b").first); // $ MISSING: ast,ir + sink(m2.equal_range("b").second); // $ MISSING: ast,ir + sink(m2.upper_bound("c")); // $ SPURIOUS: ast + sink(m2.equal_range("c").second); // swap std::map m15, m16, m17, m18; @@ -232,7 +232,7 @@ void test_map() std::map m24, m25; sink(m24.emplace("abc", "def").first); sink(m24); - sink(m24.emplace("abc", source()).first); // $ SPURIOUS: ir + sink(m24.emplace("abc", source()).first); sink(m24); // $ ast,ir sink(m25.emplace_hint(m25.begin(), "abc", "def")); sink(m25); @@ -243,7 +243,7 @@ void test_map() std::map m26, m27; sink(m26.try_emplace("abc", "def").first); sink(m26); - sink(m26.try_emplace("abc", source()).first); // $ SPURIOUS: ir + sink(m26.try_emplace("abc", source()).first); sink(m26); // $ ast,ir sink(m27.try_emplace(m27.begin(), "abc", "def")); sink(m27); @@ -257,10 +257,10 @@ void test_unordered_map() std::unordered_map m1, m2, m3, m4, m5, m6; sink(m1.insert(std::make_pair("abc", "def")).first); - sink(m2.insert(std::make_pair("abc", source())).first); // $ SPURIOUS: ir + sink(m2.insert(std::make_pair("abc", source())).first); sink(m3.insert(std::make_pair(source(), "def")).first); // $ MISSING: ast,ir sink(m4.insert(m4.begin(), std::pair("abc", source()))); // $ ast,ir - sink(m5.insert_or_assign("abc", source()).first); // $ SPURIOUS: ir + sink(m5.insert_or_assign("abc", source()).first); sink(m6.insert_or_assign(m6.begin(), "abc", source())); // $ ast,ir sink(m1); sink(m2); // $ ast,ir @@ -321,9 +321,9 @@ void test_unordered_map() sink(m12.at("abc") = "def"); sink(m13.at("abc") = source()); // $ ast,ir sink(m10["abc"]); - sink(m11["abc"]); // $ ast MISSING: ir + sink(m11["abc"]); // $ ast,ir sink(m12["abc"]); - sink(m13["abc"]); // $ ast MISSING: ir + sink(m13["abc"]); // $ ast,ir // ranges std::unordered_map m14; @@ -331,9 +331,9 @@ void test_unordered_map() m14.insert(std::make_pair("b", source())); m14.insert(std::make_pair("c", source())); m14.insert(std::make_pair("d", "d")); - sink(m2.equal_range("b").first); // $ ir - sink(m2.equal_range("b").second); // $ ir MISSING: ast - sink(m2.equal_range("c").second); // $ SPURIOUS: ir + sink(m2.equal_range("b").first); + sink(m2.equal_range("b").second); // $ MISSING: ast,ir + sink(m2.equal_range("c").second); // swap std::unordered_map m15, m16, m17, m18; @@ -381,7 +381,7 @@ void test_unordered_map() std::unordered_map m24, m25; sink(m24.emplace("abc", "def").first); sink(m24); - sink(m24.emplace("abc", source()).first); // $ SPURIOUS: ir + sink(m24.emplace("abc", source()).first); sink(m24); // $ ast,ir sink(m25.emplace_hint(m25.begin(), "abc", "def")); sink(m25); @@ -393,8 +393,8 @@ void test_unordered_map() sink(m26.try_emplace("abc", "def").first); sink(m26.try_emplace("abc", "def").second); sink(m26); - sink(m26.try_emplace("abc", source()).first); // $ SPURIOUS: ir - sink(m26.try_emplace("abc", source()).second); // $ ir=396:30 SPURIOUS: ir=397:30 MISSING: ast=396:30 + sink(m26.try_emplace("abc", source()).first); + sink(m26.try_emplace("abc", source()).second); // $ MISSING: ast,ir=396:30 sink(m26); // $ ast,ir=396:30 SPURIOUS: ast,ir=397:30 sink(m27.try_emplace(m27.begin(), "abc", "def")); sink(m27); @@ -428,7 +428,7 @@ void test_unordered_map() std::unordered_map m34, m35; sink(m34.emplace(std::pair("abc", "def")).first); sink(m34); - sink(m34.emplace(std::pair("abc", source())).first); // $ SPURIOUS: ir + sink(m34.emplace(std::pair("abc", source())).first); sink(m34); // $ ast,ir sink(m34.emplace_hint(m34.begin(), "abc", "def")); // $ ast,ir sink(m35.emplace().first); diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/set.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/set.cpp index 86060ed87d8..c6c19d90089 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/set.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/set.cpp @@ -17,7 +17,7 @@ void test_set() std::set s1, s2, s3, s4, s5, s6; sink(s1.insert("abc").first); - sink(s2.insert(source()).first); // $ ir MISSING: ast + sink(s2.insert(source()).first); // $ MISSING: ast,ir sink(s3.insert(s3.begin(), "abc")); sink(s4.insert(s4.begin(), source())); // $ ast,ir s5.insert(s1.begin(), s1.end()); @@ -68,8 +68,8 @@ void test_set() s11.insert("c"); sink(s11.lower_bound("b")); // $ ast,ir sink(s11.upper_bound("b")); // $ ast,ir - sink(s11.equal_range("b").first); // $ ir MISSING: ast - sink(s11.equal_range("b").second); // $ ir MISSING: ast + sink(s11.equal_range("b").first); // $ MISSING: ast,ir + sink(s11.equal_range("b").second); // $ MISSING: ast,ir // swap std::set s12, s13, s14, s15; @@ -117,7 +117,7 @@ void test_set() std::set s21, s22; sink(s21.emplace("abc").first); sink(s21); - sink(s21.emplace(source()).first); // $ ir MISSING: ast + sink(s21.emplace(source()).first); // $ MISSING: ast,ir sink(s21); // $ ast,ir sink(s22.emplace_hint(s22.begin(), "abc")); sink(s22); @@ -131,7 +131,7 @@ void test_unordered_set() std::unordered_set s1, s2, s3, s4, s5, s6; sink(s1.insert("abc").first); - sink(s2.insert(source()).first); // $ ir MISSING: ast + sink(s2.insert(source()).first); // $ MISSING: ast,ir sink(s3.insert(s3.begin(), "abc")); sink(s4.insert(s4.begin(), source())); // $ ast,ir s5.insert(s1.begin(), s1.end()); @@ -180,8 +180,8 @@ void test_unordered_set() s11.insert("a"); s11.insert(source()); s11.insert("c"); - sink(s11.equal_range("b").first); // $ ir MISSING: ast - sink(s11.equal_range("b").second); // $ ir MISSING: ast + sink(s11.equal_range("b").first); // $ MISSING: ast,ir + sink(s11.equal_range("b").second); // $ MISSING: ast,ir // swap std::unordered_set s12, s13, s14, s15; @@ -229,7 +229,7 @@ void test_unordered_set() std::unordered_set s21, s22; sink(s21.emplace("abc").first); sink(s21); - sink(s21.emplace(source()).first); // $ ir MISSING: ast + sink(s21.emplace(source()).first); // $ MISSING: ast,ir sink(s21); // $ ast,ir sink(s22.emplace_hint(s22.begin(), "abc")); sink(s22); diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/smart_pointer.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/smart_pointer.cpp index 28e44779009..0771c1b7432 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/smart_pointer.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/smart_pointer.cpp @@ -101,7 +101,7 @@ void taint_x(A* pa) { void reverse_taint_smart_pointer() { std::unique_ptr p = std::unique_ptr(new A); taint_x(p.get()); - sink(p->x); // $ ast,ir + sink(p->x); // $ ast MISSING: ir } struct C { diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/string.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/string.cpp index 9ce653c654a..78428c60224 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/string.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/string.cpp @@ -127,7 +127,7 @@ void test_range_based_for_loop_string() { } for(char& c : s) { - sink(c); // $ ast,ir + sink(c); // $ ast MISSING: ir } const std::string const_s(source()); @@ -337,9 +337,9 @@ void test_string_at() b.at(0) = ns_char::source(); c[0] = a[0]; - sink(a); // $ ast MISSING: ir - sink(b); // $ ast MISSING: ir - sink(c); // $ ast MISSING: ir + sink(a); // $ ast,ir + sink(b); // $ ast,ir + sink(c); // $ ast,ir } void test_string_data_more() @@ -347,8 +347,8 @@ void test_string_data_more() std::string str("123"); str.data()[1] = ns_char::source(); - sink(str); // $ ast MISSING: ir - sink(str.data()); // $ ast MISSING: ir + sink(str); // $ ast,ir + sink(str.data()); // $ ast,ir } void test_string_iterators() { @@ -540,7 +540,7 @@ void test_string_return_assign() { sink(b); sink(c); // $ ast,ir sink(d); // $ ast,ir - sink(e); // $ ast MISSING: ir + sink(e); // $ ast,ir sink(f); // $ ast,ir } @@ -560,7 +560,7 @@ void test_string_return_assign() { sink(b); sink(c); // $ ast,ir sink(d); // $ ast,ir - sink(e); // $ ast MISSING: ir + sink(e); // $ ast,ir sink(f); // $ SPURIOUS: ast,ir } } diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/stringstream.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/stringstream.cpp index 249c8ac21bf..a84b3606f92 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/stringstream.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/stringstream.cpp @@ -36,12 +36,12 @@ void test_stringstream_string(int amount) sink(ss1); sink(ss2); // $ ast,ir - sink(ss3); // $ ast MISSING: ir + sink(ss3); // $ ast,ir sink(ss4); // $ ast,ir sink(ss5); // $ ast,ir sink(ss1.str()); sink(ss2.str()); // $ ast,ir - sink(ss3.str()); // $ ast MISSING: ir + sink(ss3.str()); // $ ast,ir sink(ss4.str()); // $ ast,ir sink(ss5.str()); // $ ast,ir @@ -57,14 +57,14 @@ void test_stringstream_string(int amount) sink(ss10.put('a').put(ns_char::source()).put('z')); // $ ast,ir sink(ss8); sink(ss9); // $ ast,ir - sink(ss10); // $ ast MISSING: ir + sink(ss10); // $ ast,ir sink(ss11.write("begin", 5)); sink(ss12.write(source(), 5)); // $ ast,ir sink(ss13.write("begin", 5).write(source(), amount).write("end", 3)); // $ ast,ir sink(ss11); sink(ss12); // $ ast,ir - sink(ss13); // $ ast MISSING: ir + sink(ss13); // $ ast,ir } void test_stringstream_int(int source) @@ -264,5 +264,5 @@ void test_chaining() sink(b2); // $ ast,ir sink(ss2.write("abc", 3).flush().write(source(), 3).flush().write("xyz", 3)); // $ ast,ir - sink(ss2); // $ ast MISSING: ir + sink(ss2); // $ ast,ir } diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp index 92a44f2950c..83a4a29046b 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp @@ -38,9 +38,9 @@ void do_source() global10 = zero(source()); sink(global6); - sink(global7); // $ ast MISSING: ir - sink(global8); // $ ast MISSING: ir - sink(global9); // $ ast MISSING: ir + sink(global7); // $ ast,ir + sink(global8); // $ ast,ir + sink(global9); // $ ast,ir sink(global10); } @@ -87,11 +87,11 @@ void class_field_test() { sink(mc1.a); sink(mc1.b); // $ ast,ir - sink(mc1.c); // $ ast,ir + sink(mc1.c); // $ ast MISSING: ir sink(mc1.d); // $ ast,ir sink(mc2.a); sink(mc2.b); // $ ast,ir - sink(mc2.c); // $ ast,ir + sink(mc2.c); // $ ast MISSING: ir sink(mc2.d); } @@ -126,12 +126,12 @@ void pointer_test() { *p2 = source(); - sink(*p1); // $ ast,ir + sink(*p1); // $ ast MISSING: ir sink(*p2); // $ ast,ir sink(*p3); p3 = &t1; - sink(*p3); // $ ast,ir + sink(*p3); // $ ast MISSING: ir *p3 = 0; sink(*p3); // $ SPURIOUS: ast @@ -233,7 +233,7 @@ void test_lambdas() sink(a()); // $ ast,ir auto b = [&] { - sink(t); // $ ast MISSING: ir + sink(t); // $ ast,ir sink(u); // clean v = source(); // (v is reference captured) }; @@ -448,9 +448,9 @@ void test_qualifiers() sink(b); sink(b.getMember()); b.member = source(); - sink(b); // $ ir MISSING: ast + sink(b); // $ MISSING: ast,ir sink(b.member); // $ ast,ir - sink(b.getMember()); // $ ir MISSING: ast + sink(b.getMember()); // $ MISSING: ast,ir c = new MyClass2(0); @@ -648,7 +648,7 @@ void test__strnextc(const char* source) { unsigned c = 0; do { c = _strnextc(source++); - sink(c); // $ ast,ir + sink(c); // $ ast MISSING: ir } while(c != '\0'); c = _strnextc(""); sink(c); @@ -665,7 +665,7 @@ public: void test_no_const_member(char* source) { C_no_const_member_function c; memcpy(c.data(), source, 16); - sink(c.data()); // $ ast MISSING: ir + sink(c.data()); // $ ast,ir } class C_const_member_function { @@ -691,6 +691,6 @@ void test_argument_source_field_to_obj() { argument_source(s.x); sink(s); // $ SPURIOUS: ast - sink(s.x); // $ ast MISSING: ir + sink(s.x); // $ ast,ir sink(s.y); // clean } \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.ql b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.ql index 6bb8e2a5a9b..4bf7420a9fd 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.ql +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.ql @@ -82,7 +82,7 @@ module IRTest { TestAllocationConfig() { this = "TestAllocationConfig" } override predicate isSource(DataFlow::Node source) { - source.(DataFlow::ExprNode).getConvertedExpr().(FunctionCall).getTarget().getName() = "source" + source.asConvertedExpr().(FunctionCall).getTarget().getName() = "source" or source.asParameter().getName().matches("source%") or @@ -95,11 +95,11 @@ module IRTest { override predicate isSink(DataFlow::Node sink) { exists(FunctionCall call | call.getTarget().getName() = "sink" and - sink.(DataFlow::ExprNode).getConvertedExpr() = call.getAnArgument() + sink.asConvertedExpr() = call.getAnArgument() or call.getTarget().getName() = "sink" and sink.asExpr() = call.getAnArgument() and - sink.(DataFlow::ExprNode).getConvertedExpr() instanceof ReferenceDereferenceExpr + sink.asConvertedExpr() instanceof ReferenceDereferenceExpr ) or exists(ReadSideEffectInstruction read | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp index aacef1f4a5b..704246fd5a9 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp @@ -25,7 +25,7 @@ void test_range_based_for_loop_vector(int source1) { } for(int& x : v) { - sink(x); // $ ast,ir + sink(x); // $ ast MISSING: ir } const std::vector const_v(100, source1); @@ -49,22 +49,22 @@ void test_element_taint(int x) { sink(v1.back()); v2[0] = source(); - sink(v2); // $ ast MISSING: ir - sink(v2[0]); // $ ast MISSING: ir - sink(v2[1]); // $ SPURIOUS: ast - sink(v2[x]); // $ ast MISSING: ir + sink(v2); // $ ast,ir + sink(v2[0]); // $ ast,ir + sink(v2[1]); // $ SPURIOUS: ast,ir + sink(v2[x]); // $ ast,ir v3 = v2; - sink(v3); // $ ast MISSING: ir - sink(v3[0]); // $ ast MISSING: ir - sink(v3[1]); // $ SPURIOUS: ast - sink(v3[x]); // $ ast MISSING: ir + sink(v3); // $ ast,ir + sink(v3[0]); // $ ast,ir + sink(v3[1]); // $ SPURIOUS: ast,ir + sink(v3[x]); // $ ast,ir v4[x] = source(); - sink(v4); // $ ast MISSING: ir - sink(v4[0]); // $ ast MISSING: ir - sink(v4[1]); // $ ast MISSING: ir - sink(v4[x]); // $ ast MISSING: ir + sink(v4); // $ ast,ir + sink(v4[0]); // $ ast,ir + sink(v4[1]); // $ ast,ir + sink(v4[x]); // $ ast,ir v5.push_back(source()); sink(v5); // $ ast,ir @@ -72,8 +72,8 @@ void test_element_taint(int x) { sink(v5.back()); // $ ast,ir v6.data()[2] = source(); - sink(v6); // $ ast MISSING: ir - sink(v6.data()[2]); // $ ast MISSING: ir + sink(v6); // $ ast,ir + sink(v6.data()[2]); // $ ast,ir { @@ -94,10 +94,10 @@ void test_element_taint(int x) { sink(v8.back()); // $ MISSING: ast,ir v9.at(x) = source(); - sink(v9); // $ ast MISSING: ir - sink(v9.at(0)); // $ ast MISSING: ir - sink(v9.at(1)); // $ ast MISSING: ir - sink(v9.at(x)); // $ ast MISSING: ir + sink(v9); // $ ast,ir + sink(v9.at(0)); // $ ast,ir + sink(v9.at(1)); // $ ast,ir + sink(v9.at(x)); // $ ast,ir } void test_vector_swap() { @@ -168,7 +168,7 @@ void test_nested_vectors() bb[0].push_back(0); sink(bb[0][0]); bb[0][0] = source(); - sink(bb[0][0]); // $ ast MISSING: ir + sink(bb[0][0]); // $ ast,ir } { @@ -177,7 +177,7 @@ void test_nested_vectors() cc[0].push_back(0); sink(cc[0][0]); cc[0][0] = source(); - sink(cc[0][0]); // $ ast MISSING: ir + sink(cc[0][0]); // $ ast,ir } { @@ -188,7 +188,7 @@ void test_nested_vectors() sink(dd[0].a); sink(dd[0].b); dd[0].a = source(); - sink(dd[0].a); // $ MISSING: ast,ir + sink(dd[0].a); // $ ir MISSING: ast sink(dd[0].b); } @@ -198,7 +198,7 @@ void test_nested_vectors() ee.vs.push_back(0); sink(ee.vs[0]); ee.vs[0] = source(); - sink(ee.vs[0]); // $ ast MISSING: ir + sink(ee.vs[0]); // $ ast,ir } { @@ -209,7 +209,7 @@ void test_nested_vectors() ff.push_back(mvc); sink(ff[0].vs[0]); ff[0].vs[0] = source(); - sink(ff[0].vs[0]); // $ MISSING: ast,ir + sink(ff[0].vs[0]); // $ ir MISSING: ast } } @@ -287,9 +287,9 @@ void test_data_more() { sink(v1.data()[2]); // $ ast,ir *(v2.data()) = ns_int::source(); - sink(v2); // $ ast MISSING: ir - sink(v2.data()); // $ ast MISSING: ir - sink(v2.data()[2]); // $ ast MISSING: ir + sink(v2); // $ ast,ir + sink(v2.data()); // $ ast,ir + sink(v2.data()[2]); // $ ast,ir } void sink(std::vector::iterator); @@ -470,7 +470,7 @@ void test_vector_memcpy() sink(v); memcpy(&v[i], &s, sizeof(int)); - sink(v); // $ ast MISSING: ir + sink(v); // $ ast,ir } { @@ -483,7 +483,7 @@ void test_vector_memcpy() sink(cs); memcpy(&cs[offs + 1], src.c_str(), len); sink(src); // $ ast,ir - sink(cs); // $ ast MISSING: ir + sink(cs); // $ ast,ir } } From 21a1ee775880a3ecde4b383f7b3a85681ad7391f Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 20 Oct 2021 15:55:03 +0100 Subject: [PATCH 12/70] C++: Add annoying case in SSA.qll related to 'NewExpr' and accept test changes. --- .../code/cpp/ir/dataflow/internal/Ssa.qll | 34 +++++++++++++++++++ .../test/library-tests/dataflow/fields/A.cpp | 12 +++---- .../test/library-tests/dataflow/fields/B.cpp | 4 +-- .../test/library-tests/dataflow/fields/C.cpp | 2 +- .../dataflow/smart-pointers-taint/test.cpp | 4 +-- 5 files changed, 45 insertions(+), 11 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll index aba581452ea..dfd75a74bcf 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll @@ -324,6 +324,30 @@ private module Cached { use.hasRankInBlock(bb2, i2) and flowOutOfAddressStep(use.getOperand(), nodeTo) ) + or + // This final case is a bit annoying. The write side effect on an expression like `a = new A;` writes + // to a fresh address returned by `operator new`, and there's no easy way to use the shared SSA + // library to hook that up to the assignment to `a`. So instead we flow to the _first_ use of the + // value computed by `operator new` that occurs after `nodeFrom` (to avoid a loop in the + // dataflow graph). + exists(WriteSideEffectInstruction write, IRBlock bb, int i1, int i2, Operand op | + nodeFrom.getInstruction().(CallInstruction).getStaticCallTarget() instanceof + Alloc::OperatorNewAllocationFunction and + write = nodeFrom.getStoreInstruction() and + bb.getInstruction(i1) = write and + bb.getInstruction(i2) = op.getUse() and + // Flow to an instruction that occurs later in the block. + valueFlow*(nodeFrom.getInstruction(), op.getDef()) and + nodeTo.asOperand() = op and + i2 > i1 and + // There is no previous instruction that also occurs after `nodeFrom`. + not exists(Instruction instr, int i | + bb.getInstruction(i) = instr and + valueFlow(instr, op.getDef()) and + i1 < i and + i < i2 + ) + ) } private predicate fromReadNode(ReadNode nodeFrom, Node nodeTo) { @@ -402,6 +426,16 @@ private module Cached { ) } + private predicate valueFlow(Instruction iFrom, Instruction iTo) { + iTo.(CopyValueInstruction).getSourceValue() = iFrom + or + iTo.(ConvertInstruction).getUnary() = iFrom + or + iTo.(CheckedConvertOrNullInstruction).getUnary() = iFrom + or + iTo.(InheritanceConversionInstruction).getUnary() = iFrom + } + private predicate flowOutOfAddressStep(Operand operand, Node nTo) { // Flow into a read node exists(ReadNode readNode | readNode = nTo | diff --git a/cpp/ql/test/library-tests/dataflow/fields/A.cpp b/cpp/ql/test/library-tests/dataflow/fields/A.cpp index 395d32f1cd0..3c8cfb3551b 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/A.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/A.cpp @@ -46,7 +46,7 @@ public: { C *c = new C(); B *b = B::make(c); - sink(b->c); // $ast MISSING: ir + sink(b->c); // $ast,ir } void f2() @@ -54,7 +54,7 @@ public: B *b = new B(); b->set(new C1()); sink(b->get()); // $ ast ir=55:12 - sink((new B(new C()))->get()); // $ ast MISSING: ir + sink((new B(new C()))->get()); // $ ast,ir } void f3() @@ -149,8 +149,8 @@ public: { B *b = new B(); D *d = new D(b, r()); - sink(d->b); // $ ast MISSING: ir - sink(d->b->c); // $ ast MISSING: ir + sink(d->b); // $ ast,ir=143:25 ast,ir=150:12 + sink(d->b->c); // $ ast,ir sink(b->c); // $ ast,ir } @@ -162,11 +162,11 @@ public: MyList *l3 = new MyList(nullptr, l2); sink(l3->head); // no flow, b is nested beneath at least one ->next sink(l3->next->head); // no flow - sink(l3->next->next->head); // $ ast MISSING: ir + sink(l3->next->next->head); // $ ast,ir sink(l3->next->next->next->head); // no flow for (MyList *l = l3; l != nullptr; l = l->next) { - sink(l->head); // $ ast MISSING: ir + sink(l->head); // $ ast,ir } } diff --git a/cpp/ql/test/library-tests/dataflow/fields/B.cpp b/cpp/ql/test/library-tests/dataflow/fields/B.cpp index 3df917afa0d..57c142b5771 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/B.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/B.cpp @@ -6,7 +6,7 @@ class B Elem *e = new Elem(); Box1 *b1 = new Box1(e, nullptr); Box2 *b2 = new Box2(b1); - sink(b2->box1->elem1); // $ ast MISSING: ir + sink(b2->box1->elem1); // $ ast,ir sink(b2->box1->elem2); // no flow } @@ -16,7 +16,7 @@ class B Box1 *b1 = new B::Box1(nullptr, e); Box2 *b2 = new Box2(b1); sink(b2->box1->elem1); // no flow - sink(b2->box1->elem2); // $ ast MISSING: ir + sink(b2->box1->elem2); // $ ast,ir } static void sink(void *o) {} diff --git a/cpp/ql/test/library-tests/dataflow/fields/C.cpp b/cpp/ql/test/library-tests/dataflow/fields/C.cpp index bc1c662c3db..98121af7055 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/C.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/C.cpp @@ -26,7 +26,7 @@ public: void func() { - sink(s1); // $ast MISSING: ir + sink(s1); // $ast,ir sink(s2); // $ MISSING: ast,ir sink(s3); // $ast MISSING: ir sink(s4); // $ MISSING: ast,ir diff --git a/cpp/ql/test/library-tests/dataflow/smart-pointers-taint/test.cpp b/cpp/ql/test/library-tests/dataflow/smart-pointers-taint/test.cpp index 7836bc01c8e..0e890f8aec4 100644 --- a/cpp/ql/test/library-tests/dataflow/smart-pointers-taint/test.cpp +++ b/cpp/ql/test/library-tests/dataflow/smart-pointers-taint/test.cpp @@ -21,9 +21,9 @@ void test_unique_ptr_struct() { std::unique_ptr p1(new A{source(), 0}); std::unique_ptr p2 = std::make_unique(source(), 0); - sink(p1->x); // $ MISSING: ast,ir + sink(p1->x); // $ ir MISSING: ast sink(p1->y); - sink(p2->x); // $ MISSING: ast,ir + sink(p2->x); // $ ir=22:46 MISSING: ast sink(p2->y); } From 2547a8d746e1c1c6d04b447a391f65ec50315ce2 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 20 Oct 2021 16:12:55 +0100 Subject: [PATCH 13/70] C++: Fix join orders in 'DataFlowDispatch.qll' and `Ssa.qll`. --- .../ir/dataflow/internal/DataFlowDispatch.qll | 7 +++++-- .../code/cpp/ir/dataflow/internal/Ssa.qll | 17 +++++++++++++---- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowDispatch.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowDispatch.qll index 4ebd8cbf758..9b421df2df3 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowDispatch.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowDispatch.qll @@ -63,8 +63,10 @@ private module VirtualDispatch { | // Call argument exists(DataFlowCall call, int i | - other.(DataFlow::ParameterNode).isParameterOf(call.getStaticCallTarget(), i) and - src.(ArgumentNode).argumentOf(call, i) + other + .(DataFlow::ParameterNode) + .isParameterOf(pragma[only_bind_into](call).getStaticCallTarget(), i) and + src.(ArgumentNode).argumentOf(call, pragma[only_bind_into](pragma[only_bind_out](i))) ) and allowOtherFromArg = true and allowFromArg = true @@ -128,6 +130,7 @@ private module VirtualDispatch { * * Used to fix a join ordering issue in flowsFrom. */ + pragma[noinline] private predicate returnNodeWithKindAndEnclosingCallable( ReturnNode node, ReturnKind kind, DataFlowCallable callable ) { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll index dfd75a74bcf..11705a43774 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll @@ -436,6 +436,16 @@ private module Cached { iTo.(InheritanceConversionInstruction).getUnary() = iFrom } + pragma[noinline] + private predicate callTargetHasInputOutput( + CallInstruction call, DataFlow::FunctionInput input, DataFlow::FunctionOutput output + ) { + exists(DataFlow::DataFlowFunction func | + call.getStaticCallTarget() = func and + func.hasDataFlow(input, output) + ) + } + private predicate flowOutOfAddressStep(Operand operand, Node nTo) { // Flow into a read node exists(ReadNode readNode | readNode = nTo | @@ -500,13 +510,12 @@ private module Cached { or // Flow through a modelled function that has parameter -> return value flow. exists( - CallInstruction call, DataFlow::DataFlowFunction func, int index, - DataFlow::FunctionInput input, DataFlow::FunctionOutput output + CallInstruction call, int index, DataFlow::FunctionInput input, + DataFlow::FunctionOutput output | - call.getStaticCallTarget() = func and + callTargetHasInputOutput(call, input, output) and call.getArgumentOperand(index) = operand and not getSideEffectFor(call, index) instanceof ReadSideEffectInstruction and - func.hasDataFlow(input, output) and input.isParameter(index) and output.isReturnValue() and flowOutOfAddressStep(call.getAUse(), nTo) From 521d863429aaef64d72a62f5b1dde194648427bb Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 20 Oct 2021 21:17:23 +0100 Subject: [PATCH 14/70] C++: Autoformat. --- .../code/cpp/ir/dataflow/internal/DataFlowPrivate.qll | 2 +- .../semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index 8852d54d7b8..9c3a092346d 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -241,7 +241,7 @@ private predicate suppressUnusedNode(Node n) { any() } // Java QL library compatibility wrappers ////////////////////////////////////////////////////////////////////////////// /** A node that performs a type cast. */ -class CastNode extends InstructionNode { +class CastNode extends Node { CastNode() { none() } // stub implementation } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 076ee494bc5..3f4f8bb7281 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -202,7 +202,7 @@ class OperandNode extends Node, TOperandNode { /** * INTERNAL: do not use. - * + * * A `StoreNode` is a node that has been (or is about to be) the * source or target of a `storeStep`. */ @@ -295,7 +295,7 @@ private class StoreNodeOperand extends StoreNode, TStoreNodeOperand { /** * INTERNAL: do not use. - * + * * A `ReadNode` is a node that has been (or is about to be) the * source or target of a `readStep`. */ @@ -350,7 +350,7 @@ class ReadNode extends Node, TReadNode { /** * INTERNAL: do not use. - * + * * A phi node produced by the shared SSA library, viewed as a node in a data flow graph. */ class SsaPhiNode extends Node, TSsaPhiNode { From 2cd23e5ee0ab289c81da6ad53088bae11bd8fdbf Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 28 Oct 2021 10:30:53 +0100 Subject: [PATCH 15/70] Accept test changes. --- .../dataflow/fields/ir-path-flow.expected | 34 +- .../dataflow/taint-tests/arrayassignment.cpp | 6 +- .../dataflow/taint-tests/map.cpp | 6 +- .../dataflow/taint-tests/string.cpp | 2 +- .../dataflow/taint-tests/taint.cpp | 2 +- .../dataflow/taint-tests/vector.cpp | 2 +- .../dataflow-ir-consistency.expected | 1335 +++++++++++++++-- .../SAMATE/TaintedPath/TaintedPath.expected | 4 + .../CWE-022/semmle/tests/TaintedPath.expected | 4 + .../SAMATE/ExecTainted/ExecTainted.expected | 10 +- .../semmle/tests/UnboundedWrite.expected | 2 + .../SAMATE/UncontrolledFormatString.expected | 8 + .../CWE-134/semmle/argv/argvLocal.expected | 92 +- .../CWE-134/semmle/funcs/funcsLocal.expected | 48 + ...olledFormatStringThroughGlobalVar.expected | 36 +- .../Security/CWE/CWE-134/semmle/ifs/ifs.c | 4 +- .../CWE/CWE-134/semmle/ifs/ifs.expected | 36 + .../ArithmeticUncontrolled.expected | 47 +- .../semmle/ArithmeticUncontrolled/test.c | 2 +- .../semmle/ArithmeticUncontrolled/test.cpp | 2 +- .../TaintedAllocationSize.expected | 42 +- .../semmle/tainted/ArithmeticTainted.expected | 12 +- .../TaintedCondition.expected | 8 - .../CWE-807/semmle/TaintedCondition/test.cpp | 2 +- 24 files changed, 1483 insertions(+), 263 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected b/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected index 703bf4d4eb1..8f070732ab3 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected +++ b/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected @@ -389,25 +389,19 @@ edges | by_reference.cpp:24:5:24:17 | value | by_reference.cpp:11:48:11:52 | value | | by_reference.cpp:24:5:24:17 | value | by_reference.cpp:24:5:24:17 | this [post update] [a] | | by_reference.cpp:31:46:31:46 | *s [a] | by_reference.cpp:32:12:32:12 | s [read] [a] | -| by_reference.cpp:31:46:31:46 | s [a] | by_reference.cpp:32:12:32:12 | s [read] [a] | | by_reference.cpp:32:12:32:12 | s [read] [a] | by_reference.cpp:32:15:32:15 | FieldAddress [read] | -| by_reference.cpp:32:12:32:12 | s [read] [a] | by_reference.cpp:32:15:32:15 | FieldAddress [read] | -| by_reference.cpp:32:15:32:15 | FieldAddress [read] | by_reference.cpp:31:16:31:28 | ReturnValue | | by_reference.cpp:32:15:32:15 | FieldAddress [read] | by_reference.cpp:31:16:31:28 | ReturnValue | | by_reference.cpp:35:9:35:19 | *#this [a] | by_reference.cpp:36:12:36:15 | this [read] [a] | -| by_reference.cpp:35:9:35:19 | this [a] | by_reference.cpp:36:12:36:15 | this [read] [a] | -| by_reference.cpp:36:12:36:15 | this [read] [a] | by_reference.cpp:36:18:36:18 | FieldAddress [read] | | by_reference.cpp:36:12:36:15 | this [read] [a] | by_reference.cpp:36:18:36:18 | FieldAddress [read] | | by_reference.cpp:36:18:36:18 | FieldAddress [read] | by_reference.cpp:35:9:35:19 | ReturnValue | -| by_reference.cpp:36:18:36:18 | FieldAddress [read] | by_reference.cpp:35:9:35:19 | ReturnValue | -| by_reference.cpp:39:9:39:21 | *#this [a] | by_reference.cpp:40:18:40:28 | this [a] | +| by_reference.cpp:39:9:39:21 | *#this [a] | by_reference.cpp:40:12:40:15 | this indirection [a] | +| by_reference.cpp:40:12:40:15 | this indirection [a] | by_reference.cpp:35:9:35:19 | *#this [a] | +| by_reference.cpp:40:12:40:15 | this indirection [a] | by_reference.cpp:40:18:40:28 | call to getDirectly | | by_reference.cpp:40:18:40:28 | call to getDirectly | by_reference.cpp:39:9:39:21 | ReturnValue | -| by_reference.cpp:40:18:40:28 | this [a] | by_reference.cpp:35:9:35:19 | this [a] | -| by_reference.cpp:40:18:40:28 | this [a] | by_reference.cpp:40:18:40:28 | call to getDirectly | -| by_reference.cpp:43:9:43:27 | *#this [a] | by_reference.cpp:44:12:44:24 | this [a] | +| by_reference.cpp:43:9:43:27 | *#this [a] | by_reference.cpp:44:26:44:29 | this indirection [a] | | by_reference.cpp:44:12:44:24 | call to nonMemberGetA | by_reference.cpp:43:9:43:27 | ReturnValue | -| by_reference.cpp:44:12:44:24 | this [a] | by_reference.cpp:31:46:31:46 | s [a] | -| by_reference.cpp:44:12:44:24 | this [a] | by_reference.cpp:44:12:44:24 | call to nonMemberGetA | +| by_reference.cpp:44:26:44:29 | this indirection [a] | by_reference.cpp:31:46:31:46 | *s [a] | +| by_reference.cpp:44:26:44:29 | this indirection [a] | by_reference.cpp:44:12:44:24 | call to nonMemberGetA | | by_reference.cpp:50:5:50:15 | call to user_input | by_reference.cpp:15:26:15:30 | value | | by_reference.cpp:50:5:50:15 | call to user_input | by_reference.cpp:50:5:50:15 | s [post update] [a] | | by_reference.cpp:50:5:50:15 | s [post update] [a] | by_reference.cpp:51:8:51:8 | s indirection [a] | @@ -1226,29 +1220,21 @@ nodes | by_reference.cpp:24:5:24:17 | value | semmle.label | value | | by_reference.cpp:24:19:24:22 | this [post update] [a] | semmle.label | this [post update] [a] | | by_reference.cpp:31:16:31:28 | ReturnValue | semmle.label | ReturnValue | -| by_reference.cpp:31:16:31:28 | ReturnValue | semmle.label | ReturnValue | | by_reference.cpp:31:46:31:46 | *s [a] | semmle.label | *s [a] | -| by_reference.cpp:31:46:31:46 | s [a] | semmle.label | s [a] | | by_reference.cpp:32:12:32:12 | s [read] [a] | semmle.label | s [read] [a] | -| by_reference.cpp:32:12:32:12 | s [read] [a] | semmle.label | s [read] [a] | -| by_reference.cpp:32:15:32:15 | FieldAddress [read] | semmle.label | FieldAddress [read] | | by_reference.cpp:32:15:32:15 | FieldAddress [read] | semmle.label | FieldAddress [read] | | by_reference.cpp:35:9:35:19 | *#this [a] | semmle.label | *#this [a] | | by_reference.cpp:35:9:35:19 | ReturnValue | semmle.label | ReturnValue | -| by_reference.cpp:35:9:35:19 | ReturnValue | semmle.label | ReturnValue | -| by_reference.cpp:35:9:35:19 | this [a] | semmle.label | this [a] | | by_reference.cpp:36:12:36:15 | this [read] [a] | semmle.label | this [read] [a] | -| by_reference.cpp:36:12:36:15 | this [read] [a] | semmle.label | this [read] [a] | -| by_reference.cpp:36:18:36:18 | FieldAddress [read] | semmle.label | FieldAddress [read] | | by_reference.cpp:36:18:36:18 | FieldAddress [read] | semmle.label | FieldAddress [read] | | by_reference.cpp:39:9:39:21 | *#this [a] | semmle.label | *#this [a] | | by_reference.cpp:39:9:39:21 | ReturnValue | semmle.label | ReturnValue | +| by_reference.cpp:40:12:40:15 | this indirection [a] | semmle.label | this indirection [a] | | by_reference.cpp:40:18:40:28 | call to getDirectly | semmle.label | call to getDirectly | -| by_reference.cpp:40:18:40:28 | this [a] | semmle.label | this [a] | | by_reference.cpp:43:9:43:27 | *#this [a] | semmle.label | *#this [a] | | by_reference.cpp:43:9:43:27 | ReturnValue | semmle.label | ReturnValue | | by_reference.cpp:44:12:44:24 | call to nonMemberGetA | semmle.label | call to nonMemberGetA | -| by_reference.cpp:44:12:44:24 | this [a] | semmle.label | this [a] | +| by_reference.cpp:44:26:44:29 | this indirection [a] | semmle.label | this indirection [a] | | by_reference.cpp:50:5:50:15 | call to user_input | semmle.label | call to user_input | | by_reference.cpp:50:5:50:15 | s [post update] [a] | semmle.label | s [post update] [a] | | by_reference.cpp:50:17:50:26 | call to user_input | semmle.label | call to user_input | @@ -1694,8 +1680,8 @@ subpaths | D.cpp:51:19:51:25 | e | D.cpp:11:24:11:24 | e | D.cpp:11:29:11:32 | this [post update] [elem] | D.cpp:51:19:51:25 | call to getBox1 [post update] [elem] | | by_reference.cpp:20:11:20:21 | value | by_reference.cpp:15:26:15:30 | value | by_reference.cpp:16:5:16:8 | this [post update] [a] | by_reference.cpp:20:11:20:21 | this [post update] [a] | | by_reference.cpp:24:5:24:17 | value | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:12:5:12:5 | s [post update] [a] | by_reference.cpp:24:5:24:17 | this [post update] [a] | -| by_reference.cpp:40:18:40:28 | this [a] | by_reference.cpp:35:9:35:19 | this [a] | by_reference.cpp:35:9:35:19 | ReturnValue | by_reference.cpp:40:18:40:28 | call to getDirectly | -| by_reference.cpp:44:12:44:24 | this [a] | by_reference.cpp:31:46:31:46 | s [a] | by_reference.cpp:31:16:31:28 | ReturnValue | by_reference.cpp:44:12:44:24 | call to nonMemberGetA | +| by_reference.cpp:40:12:40:15 | this indirection [a] | by_reference.cpp:35:9:35:19 | *#this [a] | by_reference.cpp:35:9:35:19 | ReturnValue | by_reference.cpp:40:18:40:28 | call to getDirectly | +| by_reference.cpp:44:26:44:29 | this indirection [a] | by_reference.cpp:31:46:31:46 | *s [a] | by_reference.cpp:31:16:31:28 | ReturnValue | by_reference.cpp:44:12:44:24 | call to nonMemberGetA | | by_reference.cpp:50:5:50:15 | call to user_input | by_reference.cpp:15:26:15:30 | value | by_reference.cpp:16:5:16:8 | this [post update] [a] | by_reference.cpp:50:5:50:15 | s [post update] [a] | | by_reference.cpp:51:8:51:8 | s indirection [a] | by_reference.cpp:35:9:35:19 | *#this [a] | by_reference.cpp:35:9:35:19 | ReturnValue | by_reference.cpp:51:10:51:20 | call to getDirectly | | by_reference.cpp:56:5:56:17 | call to user_input | by_reference.cpp:19:28:19:32 | value | by_reference.cpp:20:5:20:8 | this [post update] [a] | by_reference.cpp:56:5:56:17 | s [post update] [a] | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/arrayassignment.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/arrayassignment.cpp index 011c6bc1fe7..b541e50c72b 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/arrayassignment.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/arrayassignment.cpp @@ -54,7 +54,7 @@ void test_myint_member_assignment() mi.i = source(); sink(mi); // $ MISSING: ast,ir - sink(mi.get()); // $ ast,ir + sink(mi.get()); // $ ast MISSING: ir } void test_myint_method_assignment() @@ -64,7 +64,7 @@ void test_myint_method_assignment() mi.get() = source(); sink(mi); // $ ir MISSING: ast - sink(mi.get()); // $ ast,ir + sink(mi.get()); // $ ast MISSING: ir } void test_myint_overloaded_assignment() @@ -107,7 +107,7 @@ void test_myarray_method_assignment() ma.get(0) = source(); - sink(ma.get(0)); // $ ir MISSING: ast + sink(ma.get(0)); // $ MISSING: ast,ir } void test_myarray_overloaded_assignment() diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/map.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/map.cpp index e044dbb62a5..d98378a63b5 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/map.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/map.cpp @@ -179,11 +179,11 @@ void test_map() m14.insert(std::make_pair("b", source())); m14.insert(std::make_pair("c", source())); m14.insert(std::make_pair("d", "d")); - sink(m2.lower_bound("b")); // $ ast MISSING: ir - sink(m2.upper_bound("b")); // $ ast MISSING: ir + sink(m2.lower_bound("b")); // $ ast,ir + sink(m2.upper_bound("b")); // $ ast,ir sink(m2.equal_range("b").first); // $ MISSING: ast,ir sink(m2.equal_range("b").second); // $ MISSING: ast,ir - sink(m2.upper_bound("c")); // $ SPURIOUS: ast + sink(m2.upper_bound("c")); // $ SPURIOUS: ast,ir sink(m2.equal_range("c").second); // swap diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/string.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/string.cpp index 78428c60224..e2b99945724 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/string.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/string.cpp @@ -127,7 +127,7 @@ void test_range_based_for_loop_string() { } for(char& c : s) { - sink(c); // $ ast MISSING: ir + sink(c); // $ ast,ir } const std::string const_s(source()); diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp index 83a4a29046b..c2a70eae4fe 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp @@ -648,7 +648,7 @@ void test__strnextc(const char* source) { unsigned c = 0; do { c = _strnextc(source++); - sink(c); // $ ast MISSING: ir + sink(c); // $ ast,ir } while(c != '\0'); c = _strnextc(""); sink(c); diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp index 704246fd5a9..0fa7c5c2154 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp @@ -25,7 +25,7 @@ void test_range_based_for_loop_vector(int source1) { } for(int& x : v) { - sink(x); // $ ast MISSING: ir + sink(x); // $ ast,ir } const std::vector const_v(100, source1); diff --git a/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected b/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected index 511edc7e45a..d25d12c3372 100644 --- a/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected +++ b/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected @@ -51,6 +51,7 @@ uniqueNodeLocation | allocators.cpp:14:5:14:8 | Phi | Node should have one location but has 4. | | allocators.cpp:14:5:14:8 | Phi | Node should have one location but has 4. | | allocators.cpp:14:5:14:8 | Phi | Node should have one location but has 4. | +| allocators.cpp:14:5:14:8 | Phi | Node should have one location but has 4. | | allocators.cpp:14:5:14:8 | ReturnValue | Node should have one location but has 4. | | allocators.cpp:14:5:14:8 | SideEffect | Node should have one location but has 4. | | allocators.cpp:14:5:14:8 | VariableAddress | Node should have one location but has 4. | @@ -925,6 +926,7 @@ uniqueNodeLocation | no_dynamic_init.cpp:9:5:9:8 | Phi | Node should have one location but has 4. | | no_dynamic_init.cpp:9:5:9:8 | Phi | Node should have one location but has 4. | | no_dynamic_init.cpp:9:5:9:8 | Phi | Node should have one location but has 4. | +| no_dynamic_init.cpp:9:5:9:8 | Phi | Node should have one location but has 4. | | no_dynamic_init.cpp:9:5:9:8 | ReturnValue | Node should have one location but has 4. | | no_dynamic_init.cpp:9:5:9:8 | SideEffect | Node should have one location but has 4. | | no_dynamic_init.cpp:9:5:9:8 | VariableAddress | Node should have one location but has 4. | @@ -1084,6 +1086,7 @@ uniqueNodeLocation | parameterinitializer.cpp:18:5:18:8 | Phi | Node should have one location but has 4. | | parameterinitializer.cpp:18:5:18:8 | Phi | Node should have one location but has 4. | | parameterinitializer.cpp:18:5:18:8 | Phi | Node should have one location but has 4. | +| parameterinitializer.cpp:18:5:18:8 | Phi | Node should have one location but has 4. | | parameterinitializer.cpp:18:5:18:8 | ReturnValue | Node should have one location but has 4. | | parameterinitializer.cpp:18:5:18:8 | SideEffect | Node should have one location but has 4. | | parameterinitializer.cpp:18:5:18:8 | VariableAddress | Node should have one location but has 4. | @@ -1225,6 +1228,7 @@ uniqueNodeLocation | stream_it.cpp:16:5:16:8 | Phi | Node should have one location but has 4. | | stream_it.cpp:16:5:16:8 | Phi | Node should have one location but has 4. | | stream_it.cpp:16:5:16:8 | Phi | Node should have one location but has 4. | +| stream_it.cpp:16:5:16:8 | Phi | Node should have one location but has 4. | | stream_it.cpp:16:5:16:8 | ReturnValue | Node should have one location but has 4. | | stream_it.cpp:16:5:16:8 | SideEffect | Node should have one location but has 4. | | stream_it.cpp:16:5:16:8 | VariableAddress | Node should have one location but has 4. | @@ -1464,113 +1468,1234 @@ unreachableNodeCCtx localCallNodes postIsNotPre postHasUniquePre -| assignexpr.cpp:9:2:9:12 | Store | PostUpdateNode should have one pre-update node but has 0. | -| bad_asts.cpp:15:10:15:12 | Store | PostUpdateNode should have one pre-update node but has 0. | -| cpp11.cpp:65:19:65:45 | Store | PostUpdateNode should have one pre-update node but has 0. | -| ir.cpp:531:14:531:14 | Store | PostUpdateNode should have one pre-update node but has 0. | uniquePostUpdate postIsInSameCallable reverseRead argHasPostUpdate postWithInFlow -| aggregateinitializer.c:3:14:3:18 | Chi | PostUpdateNode should not be the target of local flow. | -| aggregateinitializer.c:3:21:3:25 | Chi | PostUpdateNode should not be the target of local flow. | -| allocators.cpp:3:27:3:27 | Chi | PostUpdateNode should not be the target of local flow. | -| allocators.cpp:3:35:3:35 | Chi | PostUpdateNode should not be the target of local flow. | -| allocators.cpp:4:11:4:23 | Chi | PostUpdateNode should not be the target of local flow. | -| allocators.cpp:4:17:4:23 | Chi | PostUpdateNode should not be the target of local flow. | -| assignexpr.cpp:9:2:9:12 | Store | PostUpdateNode should not be the target of local flow. | -| bad_asts.cpp:15:10:15:12 | Store | PostUpdateNode should not be the target of local flow. | -| builtin.c:14:26:14:26 | Chi | PostUpdateNode should not be the target of local flow. | -| builtin.c:14:29:14:29 | Chi | PostUpdateNode should not be the target of local flow. | -| builtin.c:14:32:14:32 | Chi | PostUpdateNode should not be the target of local flow. | -| builtin.c:14:35:14:35 | Chi | PostUpdateNode should not be the target of local flow. | -| condition_decls.cpp:3:5:3:22 | Chi | PostUpdateNode should not be the target of local flow. | -| condition_decls.cpp:3:21:3:21 | Chi | PostUpdateNode should not be the target of local flow. | -| conditional_destructors.cpp:6:13:6:19 | Chi | PostUpdateNode should not be the target of local flow. | -| conditional_destructors.cpp:18:13:18:19 | Chi | PostUpdateNode should not be the target of local flow. | -| cpp11.cpp:65:19:65:45 | Store | PostUpdateNode should not be the target of local flow. | -| cpp11.cpp:82:17:82:55 | Chi | PostUpdateNode should not be the target of local flow. | -| cpp11.cpp:82:17:82:55 | Chi | PostUpdateNode should not be the target of local flow. | -| defdestructordeleteexpr.cpp:4:9:4:15 | Chi | PostUpdateNode should not be the target of local flow. | -| deleteexpr.cpp:7:9:7:15 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:177:5:177:12 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:178:5:178:12 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:183:5:183:12 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:184:5:184:12 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:342:5:342:10 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:428:5:428:12 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:429:5:429:15 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:504:19:504:19 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:504:22:504:22 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:505:16:505:21 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:505:19:505:19 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:506:16:506:18 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:506:16:506:18 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:513:14:513:16 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:513:14:513:16 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:514:14:514:26 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:514:19:514:19 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:514:22:514:22 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:515:19:515:19 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:515:22:515:22 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:515:29:515:29 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:515:32:515:32 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:516:17:516:21 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:516:19:516:19 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:516:24:516:28 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:516:26:516:26 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:521:19:521:19 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:521:22:521:22 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:521:25:521:25 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:522:16:522:21 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:522:19:522:19 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:531:14:531:14 | Store | PostUpdateNode should not be the target of local flow. | -| ir.cpp:577:16:577:21 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:577:19:577:19 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:578:19:578:19 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:578:22:578:22 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:579:16:579:21 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:579:19:579:19 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:643:9:643:21 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:644:9:644:23 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:645:9:645:15 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:659:9:659:14 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:660:13:660:13 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:661:9:661:13 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:662:9:662:19 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:663:5:663:5 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:745:8:745:8 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:745:8:745:8 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:748:10:748:10 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:754:8:754:8 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:757:12:757:12 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:763:8:763:8 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:766:13:766:13 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:775:15:775:15 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:784:15:784:15 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:793:15:793:15 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:943:3:943:11 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:947:3:947:25 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:962:17:962:47 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:962:17:962:47 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:962:17:962:47 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:962:26:962:30 | Chi | PostUpdateNode should not be the target of local flow. | -| ir.cpp:962:41:962:45 | Chi | PostUpdateNode should not be the target of local flow. | -| misc.c:130:5:130:11 | Chi | PostUpdateNode should not be the target of local flow. | -| misc.c:131:5:131:13 | Chi | PostUpdateNode should not be the target of local flow. | -| misc.c:154:32:154:32 | Chi | PostUpdateNode should not be the target of local flow. | -| misc.c:154:35:154:35 | Chi | PostUpdateNode should not be the target of local flow. | -| misc.c:154:40:154:40 | Chi | PostUpdateNode should not be the target of local flow. | -| misc.c:154:43:154:43 | Chi | PostUpdateNode should not be the target of local flow. | -| misc.c:157:14:157:18 | Chi | PostUpdateNode should not be the target of local flow. | -| misc.c:158:14:158:18 | Chi | PostUpdateNode should not be the target of local flow. | -| misc.c:160:31:160:33 | Chi | PostUpdateNode should not be the target of local flow. | -| misc.c:160:31:160:33 | Chi | PostUpdateNode should not be the target of local flow. | -| misc.c:220:3:223:3 | Chi | PostUpdateNode should not be the target of local flow. | -| misc.c:221:10:221:10 | Chi | PostUpdateNode should not be the target of local flow. | -| misc.c:222:10:222:10 | Chi | PostUpdateNode should not be the target of local flow. | -| range_analysis.c:102:5:102:15 | Chi | PostUpdateNode should not be the target of local flow. | -| static_init_templates.cpp:3:2:3:8 | Chi | PostUpdateNode should not be the target of local flow. | -| static_init_templates.cpp:21:2:21:12 | Chi | PostUpdateNode should not be the target of local flow. | -| static_init_templates.cpp:240:7:240:7 | Chi | PostUpdateNode should not be the target of local flow. | +| FunctionTryStmt.cpp:2:3:2:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| VacuousDestructorCall.cpp:10:3:10:16 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| VacuousDestructorCall.cpp:10:21:10:22 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| VacuousDestructorCall.cpp:10:22:10:22 | i [post update] | PostUpdateNode should not be the target of local flow. | +| abortingfunctions.cpp:49:5:49:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aggregateinitializer.c:3:6:3:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| aggregateinitializer.c:3:11:3:27 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| aggregateinitializer.c:3:11:3:27 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| allocators.cpp:3:23:3:28 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| allocators.cpp:3:31:3:36 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| allocators.cpp:4:11:4:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| allocators.cpp:4:11:4:13 | m_x [post update] | PostUpdateNode should not be the target of local flow. | +| allocators.cpp:4:17:4:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| allocators.cpp:4:17:4:19 | m_y [post update] | PostUpdateNode should not be the target of local flow. | +| allocators.cpp:7:56:7:70 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| allocators.cpp:16:8:16:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| allocators.cpp:16:14:16:36 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| allocators.cpp:16:14:16:36 | new [post update] | PostUpdateNode should not be the target of local flow. | +| allocators.cpp:16:14:16:36 | new [post update] | PostUpdateNode should not be the target of local flow. | +| allocators.cpp:18:1:18:1 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| assignexpr.cpp:9:4:9:4 | i [post update] | PostUpdateNode should not be the target of local flow. | +| bad_asts.cpp:10:7:10:23 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| bad_asts.cpp:15:10:15:12 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| bad_asts.cpp:16:5:16:5 | s [post update] | PostUpdateNode should not be the target of local flow. | +| bad_asts.cpp:16:7:16:23 | s [post update] | PostUpdateNode should not be the target of local flow. | +| bad_asts.cpp:27:11:27:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| break_labels.c:3:9:3:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| break_labels.c:5:9:5:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| break_labels.c:7:17:7:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| break_labels.c:8:17:8:22 | result [post update] | PostUpdateNode should not be the target of local flow. | +| break_labels.c:18:9:18:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| break_labels.c:20:9:20:9 | i [post update] | PostUpdateNode should not be the target of local flow. | +| break_labels.c:20:24:20:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| break_labels.c:27:9:27:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:8:3:8:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:12:3:12:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:14:18:14:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:14:23:14:37 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:14:23:14:37 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:14:23:14:37 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:14:23:14:37 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:15:18:15:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:20:3:20:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:21:3:21:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:22:3:22:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:29:5:29:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:34:3:34:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:34:10:34:20 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:34:22:34:31 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:34:22:34:31 | (volatile void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:34:23:34:31 | staticint [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:39:3:39:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:39:10:39:23 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:39:36:39:45 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:39:37:39:45 | carry_out [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:43:3:43:24 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:43:40:43:49 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:43:41:43:49 | staticint [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:45:3:45:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:48:2:48:4 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:51:3:51:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:51:10:51:27 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:51:29:51:38 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:51:30:51:38 | staticint [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:54:3:54:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:54:10:54:26 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:54:28:54:38 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:54:29:54:38 | atomic_int [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.c:56:3:56:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.cpp:5:5:5:34 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.cpp:10:10:10:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.cpp:10:14:10:22 | i [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.cpp:10:24:10:24 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.cpp:10:24:10:24 | i [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.cpp:14:11:14:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.cpp:15:5:15:29 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.cpp:15:31:15:35 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.cpp:15:32:15:35 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| builtin.cpp:15:33:15:35 | ptr [post update] | PostUpdateNode should not be the target of local flow. | +| condition_decl_int.cpp:2:7:2:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| condition_decl_int.cpp:3:9:3:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| condition_decls.cpp:3:5:3:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| condition_decls.cpp:3:5:3:9 | m_ptr [post update] | PostUpdateNode should not be the target of local flow. | +| condition_decls.cpp:3:13:3:22 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| condition_decls.cpp:3:13:3:22 | new [post update] | PostUpdateNode should not be the target of local flow. | +| condition_decls.cpp:9:5:9:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| condition_decls.cpp:16:6:16:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| condition_decls.cpp:16:19:16:20 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| condition_decls.cpp:26:10:26:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| condition_decls.cpp:26:23:26:24 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| condition_decls.cpp:41:9:41:23 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| condition_decls.cpp:41:22:41:23 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| condition_decls.cpp:48:16:48:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| condition_decls.cpp:48:22:48:24 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| condition_decls.cpp:48:27:48:31 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| condition_decls.cpp:48:34:48:36 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| condition_decls.cpp:48:39:48:53 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| condition_decls.cpp:48:52:48:53 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:6:13:6:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:6:13:6:15 | val [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:10:9:10:32 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:18:13:18:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:18:13:18:15 | val [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:25:9:25:32 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:30:9:30:13 | call to C1 [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:30:9:30:13 | temporary object [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:30:18:30:22 | call to C1 [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:30:18:30:22 | temporary object [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:33:9:33:13 | call to C1 [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:33:9:33:13 | temporary object [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:33:18:33:22 | call to C1 [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:33:18:33:22 | temporary object [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:39:9:39:13 | call to C2 [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:39:9:39:13 | temporary object [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:39:18:39:22 | call to C2 [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:39:18:39:22 | temporary object [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:42:9:42:13 | call to C2 [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:42:9:42:13 | temporary object [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:42:18:42:22 | call to C2 [post update] | PostUpdateNode should not be the target of local flow. | +| conditional_destructors.cpp:42:18:42:22 | temporary object [post update] | PostUpdateNode should not be the target of local flow. | +| constmemberaccess.cpp:9:2:9:2 | i [post update] | PostUpdateNode should not be the target of local flow. | +| constructorinitializer.cpp:8:4:8:4 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| constructorinitializer.cpp:8:6:8:18 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:6:5:6:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:6:5:6:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:6:5:6:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:6:16:6:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:7:7:7:8 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:7:7:7:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:7:7:7:8 | el [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:28:5:28:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:28:5:28:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:28:5:28:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:28:16:28:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:28:21:28:21 | (__begin) [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:28:21:28:21 | (__begin) [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:28:21:28:21 | (__begin) [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:28:21:28:21 | (__begin) [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:28:21:28:21 | (__range) [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:28:21:28:21 | (__range) [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:28:21:28:21 | (__range) [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:28:21:28:21 | (__range) [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:28:21:28:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:28:21:28:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:28:21:28:34 | temporary object [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:29:7:29:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:31:5:31:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:56:14:56:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:56:14:56:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:60:15:60:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:60:15:60:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:65:10:65:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:65:19:65:45 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:65:35:65:43 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:77:19:77:21 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:77:19:77:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:82:11:82:14 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:82:11:82:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:82:17:82:55 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:82:17:82:55 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:82:17:82:55 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:82:45:82:48 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:82:45:82:48 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:82:51:82:51 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:82:51:82:51 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:88:25:88:30 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:88:25:88:30 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:88:33:88:38 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:88:33:88:38 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:99:5:99:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:108:5:108:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:148:13:148:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:150:13:150:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp11.cpp:169:7:169:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp17.cpp:15:5:15:45 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| cpp17.cpp:15:5:15:45 | new [post update] | PostUpdateNode should not be the target of local flow. | +| cpp17.cpp:15:5:15:45 | new [post update] | PostUpdateNode should not be the target of local flow. | +| cpp17.cpp:19:5:19:8 | 1 [post update] | PostUpdateNode should not be the target of local flow. | +| cpp17.cpp:19:5:19:8 | 2 [post update] | PostUpdateNode should not be the target of local flow. | +| cpp17.cpp:19:5:19:8 | p [post update] | PostUpdateNode should not be the target of local flow. | +| cpp17.cpp:19:10:19:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| cpp17.cpp:19:10:19:10 | p [post update] | PostUpdateNode should not be the target of local flow. | +| cpp17.cpp:19:13:19:13 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| cpp17.cpp:19:13:19:13 | temporary object [post update] | PostUpdateNode should not be the target of local flow. | +| cpp17.cpp:19:16:19:16 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| cpp17.cpp:19:16:19:16 | temporary object [post update] | PostUpdateNode should not be the target of local flow. | +| defdestructordeleteexpr.cpp:4:5:4:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| defdestructordeleteexpr.cpp:4:9:4:15 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| defdestructordeleteexpr.cpp:4:9:4:15 | new [post update] | PostUpdateNode should not be the target of local flow. | +| deleteexpr.cpp:7:5:7:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| deleteexpr.cpp:7:9:7:15 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| deleteexpr.cpp:7:9:7:15 | new [post update] | PostUpdateNode should not be the target of local flow. | +| destructors.cpp:11:7:11:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| destructors.cpp:16:5:16:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| destructors.cpp:19:3:19:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| destructors.cpp:50:9:50:13 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| destructors.cpp:50:9:50:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| destructors.cpp:51:16:51:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| destructors.cpp:51:22:51:56 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| destructors.cpp:51:22:51:56 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| destructors.cpp:51:36:51:38 | call to C [post update] | PostUpdateNode should not be the target of local flow. | +| destructors.cpp:51:36:51:38 | temporary object [post update] | PostUpdateNode should not be the target of local flow. | +| destructors.cpp:52:7:52:26 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dostmt.c:33:7:33:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| dostmt.c:35:7:35:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| duff2.c:3:9:3:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| duff2.c:13:16:13:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| duff2.c:17:9:17:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| duff2.c:21:16:21:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| duff.c:3:9:3:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| duff.c:13:24:13:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ellipsisexceptionhandler.cpp:6:4:6:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ellipsisexceptionhandler.cpp:16:18:16:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| exceptionhandler.cpp:7:2:7:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| exceptionhandler.cpp:14:4:14:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| fieldaccess.cpp:9:2:9:2 | i [post update] | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | (Base *)... [post update] | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | (Middle *)... [post update] | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| forstmt.cpp:2:14:2:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| forstmt.cpp:2:29:2:29 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| forstmt.cpp:9:14:9:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| forstmt.cpp:14:14:14:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| forstmt.cpp:14:27:14:27 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| forstmt.cpp:19:14:19:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| forstmt.cpp:19:28:19:28 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| initializer.c:3:6:3:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:2:10:2:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:3:10:3:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:5:17:5:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:6:17:6:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:8:19:8:22 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:9:19:9:22 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:11:11:11:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:12:20:12:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:14:9:14:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:15:18:15:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:17:10:17:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:18:19:18:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:20:15:20:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:21:15:21:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:22:24:22:28 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:23:24:23:30 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:25:10:25:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:26:10:26:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:28:13:28:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:29:13:29:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:31:14:31:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:32:14:32:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:34:11:34:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:35:11:35:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:36:11:36:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:38:12:38:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:39:12:39:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:40:12:40:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:44:9:44:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:45:11:45:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:46:5:46:5 | y [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:47:5:47:5 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:53:5:53:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:54:5:54:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:55:5:55:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:56:5:56:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:57:5:57:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:59:5:59:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:60:5:60:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:61:5:61:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:63:5:63:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:64:5:64:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:66:5:66:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:68:5:68:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:69:5:69:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:70:5:70:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:71:5:71:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:72:5:72:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:74:5:74:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:75:5:75:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:76:5:76:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:78:5:78:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:79:5:79:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:81:5:81:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:82:5:82:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:83:5:83:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:84:5:84:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:90:5:90:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:91:5:91:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:92:5:92:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:93:5:93:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:94:5:94:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:95:5:95:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:101:5:101:5 | y [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:101:11:101:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:102:5:102:5 | y [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:102:11:102:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:103:5:103:5 | y [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:103:9:103:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:104:5:104:5 | y [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:104:9:104:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:110:5:110:5 | p [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:110:13:110:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:111:5:111:5 | p [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:111:13:111:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:117:5:117:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:118:5:118:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:119:5:119:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:120:5:120:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:122:5:122:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:124:5:124:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:125:5:125:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:126:5:126:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:127:5:127:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:129:5:129:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:130:5:130:5 | z [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:136:5:136:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:137:5:137:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:138:5:138:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:139:5:139:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:140:5:140:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:141:5:141:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:147:5:147:5 | y [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:147:11:147:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:148:5:148:5 | y [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:148:11:148:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:149:5:149:5 | y [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:149:9:149:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:150:5:150:5 | y [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:150:9:150:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:157:5:157:5 | q [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:158:5:158:5 | q [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:159:5:159:5 | q [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:160:5:160:5 | i [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:162:5:162:5 | q [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:164:5:164:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:165:5:165:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:167:5:167:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:168:5:168:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:174:5:174:5 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:175:5:175:5 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:177:5:177:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:177:5:177:5 | p [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:177:5:177:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:178:5:178:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:178:7:178:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:178:7:178:7 | p [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:181:5:181:5 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:182:5:182:5 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:183:5:183:5 | a [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:183:5:183:5 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:183:5:183:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:184:5:184:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:184:7:184:7 | a [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:184:7:184:7 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:188:10:188:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:189:14:189:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:190:13:190:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:196:5:196:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:197:5:197:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:198:5:198:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:199:5:199:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:200:5:200:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:201:5:201:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:207:5:207:5 | q [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:207:11:207:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:208:5:208:5 | q [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:208:11:208:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:209:5:209:5 | q [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:209:9:209:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:210:5:210:5 | q [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:210:9:210:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:215:9:215:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:216:5:216:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:219:11:219:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:220:5:220:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:223:5:223:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:226:10:226:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:227:5:227:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:232:9:232:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:236:5:236:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:244:9:244:9 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:248:9:248:9 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:250:9:250:9 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:255:9:255:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:261:9:261:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:273:14:273:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:279:9:279:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:286:9:286:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:287:13:287:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:293:14:293:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:299:14:299:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:299:22:299:22 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:305:9:305:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:306:20:306:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:312:14:312:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:312:29:312:29 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:318:14:318:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:318:29:318:29 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:326:14:326:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:326:29:326:29 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:334:14:334:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:342:5:342:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:342:6:342:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:342:6:342:6 | p [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:343:5:343:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:349:5:349:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:356:9:356:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:365:9:365:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:377:5:377:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:381:5:381:37 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:390:13:390:13 | y [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:395:13:395:13 | y [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:399:13:399:13 | y [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:401:13:401:13 | y [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:405:13:405:13 | y [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:423:5:423:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:428:8:428:8 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:429:8:429:8 | y [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:430:10:430:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:436:9:436:9 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:440:9:440:9 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:443:9:443:9 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:450:9:450:9 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:454:9:454:9 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:457:9:457:9 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:464:9:464:9 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:468:9:468:9 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:471:9:471:9 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:477:5:477:5 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:477:9:477:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:477:9:477:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:478:5:478:5 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:478:9:478:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:478:9:478:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:479:5:479:5 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:479:11:479:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:479:11:479:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:483:9:483:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:483:13:483:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:483:13:483:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:489:6:489:14 | ... ? ... : ... [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:489:6:489:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:489:6:489:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:489:6:489:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:497:10:497:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:498:10:498:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:499:5:499:5 | p [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:500:5:500:5 | q [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:504:16:504:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:504:16:504:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:505:16:505:21 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:505:16:505:21 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:506:16:506:18 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:506:16:506:18 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:508:9:508:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:509:9:509:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:513:14:513:16 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:513:14:513:16 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:514:14:514:26 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:514:17:514:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:514:17:514:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:515:17:515:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:515:17:515:24 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:515:27:515:34 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:515:27:515:34 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:516:17:516:21 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:516:17:516:21 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:516:24:516:28 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:516:24:516:28 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:520:9:520:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:520:16:520:18 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:521:9:521:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:521:16:521:27 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:521:16:521:27 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:521:16:521:27 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:522:9:522:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:522:16:522:21 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:522:16:522:21 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:531:11:531:16 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:540:5:540:5 | y [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:545:9:545:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:548:5:548:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:552:5:552:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:563:13:563:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:565:13:565:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:567:13:567:22 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:572:10:572:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:573:10:573:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:574:10:574:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:576:10:576:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:576:16:576:18 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:577:10:577:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:577:16:577:21 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:577:16:577:21 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:578:10:578:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:578:16:578:24 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:578:16:578:24 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:579:10:579:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:579:16:579:21 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:579:16:579:21 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:585:5:585:18 | string [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:585:32:585:39 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:585:32:585:39 | string [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:591:11:591:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:592:5:592:7 | pfn [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:593:5:593:7 | pfn [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:594:5:594:7 | pfn [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:616:12:616:13 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:616:12:616:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:617:12:617:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:617:15:617:22 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:618:12:618:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:619:12:619:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:619:16:619:30 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:631:9:631:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:635:9:635:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:639:9:639:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:643:9:643:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:643:15:643:17 | m_a [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:644:11:644:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:644:11:644:14 | this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:644:17:644:19 | m_a [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:645:9:645:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:645:9:645:11 | m_a [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:647:9:647:9 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:648:9:648:9 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:649:9:649:9 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:653:9:653:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:653:9:653:12 | this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:653:15:653:36 | this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:654:10:654:14 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:654:11:654:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:654:11:654:14 | this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:654:17:654:38 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:655:9:655:30 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:655:9:655:30 | this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:655:9:655:30 | this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:659:9:659:14 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:660:9:660:14 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:661:9:661:13 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:662:9:662:19 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:662:9:662:19 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:663:5:663:5 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:663:5:663:5 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:676:5:676:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:680:5:680:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:686:10:686:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:687:10:687:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:688:19:688:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:693:9:693:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:694:7:694:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:698:8:698:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:699:8:699:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:705:3:705:25 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:705:10:705:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:705:10:705:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:709:3:709:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:716:5:716:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:716:12:716:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:721:3:721:54 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:721:10:721:39 | 0 [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:721:41:721:47 | (void *)... [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:726:9:726:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:728:7:728:28 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:733:5:733:5 | x [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:736:5:736:19 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:736:5:736:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:745:8:745:8 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:745:8:745:8 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:745:8:745:8 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:745:8:745:8 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:745:8:745:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:745:8:745:8 | base_s [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:748:10:748:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:748:10:748:10 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:754:8:754:8 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:754:8:754:8 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:754:8:754:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:754:8:754:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:754:8:754:8 | middle_s [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:754:8:754:8 | this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:754:8:754:8 | this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:757:3:757:8 | this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:757:12:757:12 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:757:12:757:12 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:757:12:757:12 | ConvertToNonVirtualBase [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:757:12:757:12 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:763:8:763:8 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:763:8:763:8 | & ... [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:763:8:763:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:763:8:763:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:763:8:763:8 | derived_s [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:763:8:763:8 | this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:763:8:763:8 | this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:766:3:766:9 | this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:766:13:766:13 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:766:13:766:13 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:766:13:766:13 | ConvertToNonVirtualBase [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:766:13:766:13 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:775:3:775:11 | this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:775:15:775:15 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:775:15:775:15 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:775:15:775:15 | ConvertToNonVirtualBase [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:775:15:775:15 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:784:3:784:11 | this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:784:15:784:15 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:784:15:784:15 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:784:15:784:15 | ConvertToNonVirtualBase [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:784:15:784:15 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:793:3:793:11 | this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:793:15:793:15 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:793:15:793:15 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:793:15:793:15 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:793:15:793:15 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:793:15:793:15 | ConvertToNonVirtualBase [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:793:15:793:15 | ConvertToNonVirtualBase [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:793:15:793:15 | ConvertToNonVirtualBase [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:793:15:793:15 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:800:8:800:8 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:800:8:800:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:801:10:801:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:801:10:801:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:802:11:802:11 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:802:11:802:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:804:9:804:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:805:11:805:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:806:12:806:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:808:3:808:3 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:808:5:808:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:809:3:809:3 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:809:5:809:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:809:7:809:13 | call to Base [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:809:7:809:13 | temporary object [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:810:3:810:3 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:810:5:810:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:810:7:810:26 | call to Base [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:810:7:810:26 | temporary object [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:811:3:811:4 | pb [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:812:3:812:4 | pb [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:813:3:813:4 | pb [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:814:3:814:4 | pb [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:816:3:816:3 | m [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:816:5:816:5 | m [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:817:3:817:3 | m [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:817:5:817:5 | m [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:818:3:818:4 | pm [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:819:3:819:4 | pm [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:820:3:820:4 | pm [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:822:3:822:3 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:822:5:822:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:823:3:823:3 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:823:5:823:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:823:7:823:13 | call to Base [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:823:7:823:13 | temporary object [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:824:3:824:3 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:824:5:824:5 | b [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:824:7:824:26 | call to Base [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:824:7:824:26 | temporary object [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:825:3:825:4 | pb [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:826:3:826:4 | pb [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:827:3:827:4 | pb [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:828:3:828:4 | pb [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:830:3:830:3 | d [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:830:5:830:5 | d [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:831:3:831:3 | d [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:831:5:831:5 | d [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:832:3:832:4 | pd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:833:3:833:4 | pd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:834:3:834:4 | pd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:836:14:836:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:837:14:837:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:838:3:838:4 | pb [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:839:3:839:4 | pb [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:846:8:846:8 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:846:8:846:8 | ConvertToNonVirtualBase [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:846:8:846:8 | this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:850:19:850:19 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:850:19:850:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:851:22:851:22 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:851:22:851:22 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:853:20:853:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:854:23:854:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:857:3:857:4 | pb [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:858:20:858:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:860:3:860:4 | pd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:861:23:861:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:863:9:863:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:864:15:864:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:867:1:867:14 | this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:868:3:868:12 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:873:15:873:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:874:3:874:3 | p [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:875:3:875:3 | p [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:876:3:876:3 | p [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:877:10:877:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:878:16:878:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:879:16:879:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:880:3:880:4 | pa [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:884:3:884:3 | p [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:885:3:885:5 | pfn [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:891:22:891:25 | args [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:891:22:891:25 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:893:22:893:26 | args2 [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:893:22:893:26 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:894:10:894:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:894:31:894:34 | args [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:894:31:894:34 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:895:9:895:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:895:30:895:33 | args [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:895:30:895:33 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:905:8:905:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:906:7:906:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:906:11:906:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:943:3:943:11 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:943:3:943:11 | new [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:944:3:944:14 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:944:3:944:14 | new [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:944:3:944:14 | new [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:945:3:945:27 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:945:3:945:27 | new [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:945:3:945:27 | new [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:947:3:947:25 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:947:3:947:25 | new [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:962:7:962:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:962:17:962:47 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:962:17:962:47 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:962:17:962:47 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:962:17:962:47 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:962:17:962:47 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:963:3:963:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ltrbinopexpr.c:28:5:28:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ltrbinopexpr.c:29:5:29:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ltrbinopexpr.c:30:5:30:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ltrbinopexpr.c:31:5:31:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ltrbinopexpr.c:32:5:32:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ltrbinopexpr.c:33:5:33:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ltrbinopexpr.c:34:5:34:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ltrbinopexpr.c:35:5:35:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ltrbinopexpr.c:36:5:36:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ltrbinopexpr.c:37:5:37:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ltrbinopexpr.c:39:5:39:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ltrbinopexpr.c:40:5:40:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:18:5:18:5 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:19:5:19:5 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:20:7:20:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:21:5:21:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:23:9:23:9 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:25:9:25:9 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:28:9:28:9 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:30:9:30:9 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:33:9:33:9 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:35:9:35:9 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:38:9:38:9 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:40:9:40:9 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:45:9:45:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:48:9:48:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:51:9:51:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:54:9:54:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:57:9:57:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:60:9:60:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:62:9:62:9 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:62:24:62:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:64:19:64:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:66:9:66:9 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:66:18:66:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:93:5:93:5 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:93:9:93:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:93:9:93:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:94:5:94:5 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:94:9:94:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:94:9:94:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:123:9:123:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:124:9:124:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:124:25:124:26 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:126:5:126:5 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:129:5:129:6 | sp [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:130:7:130:7 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:131:5:131:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:131:9:131:9 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:132:5:132:5 | j [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:133:5:133:5 | j [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:135:5:135:5 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:136:5:136:5 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:137:5:137:5 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:147:5:147:5 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:154:23:154:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:154:31:154:36 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:154:31:154:36 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:154:39:154:44 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:154:39:154:44 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:156:31:159:5 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:156:31:159:5 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:160:31:160:33 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:160:31:160:33 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:165:5:165:5 | i [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:178:17:178:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:179:17:179:23 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:188:5:188:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:200:24:200:27 | args [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:200:24:200:27 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:208:1:208:3 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:216:3:216:26 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:220:3:220:5 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:220:4:220:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:220:4:220:5 | sp [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:220:9:223:3 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:220:9:223:3 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:228:7:228:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:229:7:229:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:230:2:230:3 | p1 [post update] | PostUpdateNode should not be the target of local flow. | +| misc.c:231:2:231:40 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| modeled-functions.cpp:6:3:6:8 | 0 [post update] | PostUpdateNode should not be the target of local flow. | +| modeled-functions.cpp:6:3:6:8 | 0 [post update] | PostUpdateNode should not be the target of local flow. | +| modeled-functions.cpp:6:19:6:19 | (char *)... [post update] | PostUpdateNode should not be the target of local flow. | +| modeled-functions.cpp:6:22:6:22 | (unsigned long *)... [post update] | PostUpdateNode should not be the target of local flow. | +| ms_assume.cpp:13:8:13:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ms_assume.cpp:14:8:14:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ms_assume.cpp:28:3:28:8 | result [post update] | PostUpdateNode should not be the target of local flow. | +| ms_assume.cpp:28:12:28:16 | buffer [post update] | PostUpdateNode should not be the target of local flow. | +| ms_assume.cpp:28:18:28:23 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| ms_assume.cpp:28:18:28:23 | buffer [post update] | PostUpdateNode should not be the target of local flow. | +| ms_assume.cpp:34:1:34:1 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ms_try_mix.cpp:11:7:11:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ms_try_mix.cpp:11:12:11:15 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ms_try_mix.cpp:28:7:28:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ms_try_mix.cpp:28:12:28:15 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| ms_try_mix.cpp:48:5:48:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ms_try_mix.cpp:48:10:48:13 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| newexpr.cpp:8:2:8:20 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| newexpr.cpp:8:2:8:20 | new [post update] | PostUpdateNode should not be the target of local flow. | +| newexpr.cpp:8:2:8:20 | new [post update] | PostUpdateNode should not be the target of local flow. | +| no_dynamic_init.cpp:11:3:11:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ops.cpp:19:11:19:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ops.cpp:20:11:20:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ops.cpp:21:11:21:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ops.cpp:26:26:26:27 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| ops.cpp:26:31:26:53 | Call [post update] | PostUpdateNode should not be the target of local flow. | +| ops.cpp:26:31:26:53 | new [post update] | PostUpdateNode should not be the target of local flow. | +| ops.cpp:26:31:26:53 | new [post update] | PostUpdateNode should not be the target of local flow. | +| parameterinitializer.cpp:8:5:8:10 | Got %d\n [post update] | PostUpdateNode should not be the target of local flow. | +| parameterinitializer.cpp:8:12:8:21 | (char *)... [post update] | PostUpdateNode should not be the target of local flow. | +| parameterinitializer.cpp:8:12:8:21 | Got %d\n [post update] | PostUpdateNode should not be the target of local flow. | +| parameterinitializer.cpp:8:12:8:21 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. | +| parameterinitializer.cpp:25:5:25:8 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| parameterinitializer.cpp:25:5:25:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| parameterinitializer.cpp:27:3:27:6 | my_c [post update] | PostUpdateNode should not be the target of local flow. | +| parameterinitializer.cpp:27:8:27:13 | my_c [post update] | PostUpdateNode should not be the target of local flow. | +| parameterinitializer.cpp:30:5:30:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| pointer_to_member.cpp:23:6:23:8 | obj [post update] | PostUpdateNode should not be the target of local flow. | +| pointer_to_member.cpp:23:10:23:14 | obj [post update] | PostUpdateNode should not be the target of local flow. | +| pointer_to_member.cpp:26:5:26:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| pointer_to_member.cpp:27:5:27:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| pointer_to_member.cpp:27:12:27:14 | obj [post update] | PostUpdateNode should not be the target of local flow. | +| pointer_to_member.cpp:27:16:27:20 | obj [post update] | PostUpdateNode should not be the target of local flow. | +| pointer_to_member.cpp:29:5:29:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| pruning.c:69:9:69:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| pruning.c:78:9:78:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| pruning.c:87:9:87:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| pruning.c:96:13:96:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| pruning.c:105:13:105:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| pruning.c:114:13:114:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| pruning.c:123:13:123:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| pruning.c:132:13:132:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| pruning.c:165:9:165:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| pruning.c:172:9:172:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| pruning.c:179:9:179:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| pruning.c:186:9:186:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| pruning.c:193:9:193:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| questionexpr.c:3:2:3:2 | x [post update] | PostUpdateNode should not be the target of local flow. | +| questionexpr.c:3:6:3:27 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| questionexpr.c:3:6:3:27 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:6:7:6:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:7:13:7:13 | p [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:8:5:8:9 | count [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:10:3:10:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:14:7:14:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:15:13:15:13 | p [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:16:5:16:9 | count [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:18:3:18:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:22:7:22:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:23:13:23:13 | p [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:24:5:24:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:25:5:25:9 | count [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:27:3:27:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:31:7:31:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:32:7:32:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:33:8:33:8 | i [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:33:22:33:22 | i [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:34:5:34:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:36:3:36:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:40:7:40:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:41:7:41:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:42:8:42:8 | i [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:42:22:42:22 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:43:5:43:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:45:3:45:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:49:7:49:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:50:7:50:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:51:8:51:8 | i [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:51:24:51:24 | i [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:52:5:52:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:54:3:54:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:60:7:60:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:63:3:63:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:69:7:69:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:72:3:72:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:78:7:78:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:82:7:82:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:85:3:85:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:91:7:91:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:93:5:93:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:95:3:95:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:100:3:100:3 | c [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:102:5:102:8 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:102:6:102:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:102:6:102:6 | p [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:102:6:102:8 | ... ++ [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:105:5:105:5 | c [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:107:7:107:10 | * ... [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:107:8:107:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:107:8:107:8 | p [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:107:8:107:10 | ... ++ [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:110:7:110:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:112:3:112:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:119:3:119:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:119:10:119:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:123:14:123:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:126:22:126:27 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:127:6:127:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:130:4:130:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:135:17:135:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:136:16:136:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:137:16:137:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:138:7:138:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:139:3:139:42 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:144:7:144:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:145:7:145:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:146:7:146:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:147:7:147:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:148:8:148:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:149:18:149:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:150:3:150:37 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:154:3:154:41 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:154:10:154:40 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:154:10:154:40 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:159:7:159:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:162:9:162:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:163:9:163:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:164:5:164:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:167:9:167:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:168:9:168:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:169:5:169:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:172:9:172:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:173:9:173:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:174:5:174:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:177:9:177:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:178:9:178:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:179:5:179:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:182:9:182:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:183:9:183:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:184:5:184:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:187:9:187:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:188:9:188:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:189:5:189:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:192:3:192:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:198:7:198:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:201:9:201:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:202:5:202:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:205:9:205:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:206:5:206:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:209:9:209:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:210:5:210:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:213:9:213:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:214:5:214:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:217:9:217:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:218:5:218:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:221:3:221:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:226:7:226:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:229:9:229:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:230:5:230:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:233:9:233:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:234:5:234:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:237:9:237:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:238:5:238:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:241:9:241:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:242:5:242:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:245:9:245:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:246:5:246:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:249:3:249:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:254:7:254:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:257:9:257:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:258:5:258:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:261:9:261:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:262:5:262:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:265:9:265:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:266:5:266:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:269:9:269:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:270:5:270:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:273:9:273:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:274:5:274:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:277:3:277:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:282:7:282:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:285:9:285:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:286:5:286:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:289:9:289:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:290:5:290:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:293:9:293:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:294:5:294:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:297:9:297:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:298:5:298:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:301:9:301:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:302:5:302:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:305:3:305:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:310:7:310:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:313:9:313:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:314:5:314:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:317:9:317:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:318:5:318:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:321:9:321:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:322:5:322:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:325:9:325:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:326:5:326:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:329:9:329:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:330:5:330:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:333:3:333:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:337:10:337:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:339:5:339:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:343:5:343:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:345:3:345:3 | d [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:348:7:348:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:351:3:351:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:357:3:357:4 | y1 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:357:8:357:23 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:357:8:357:23 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:358:3:358:4 | y2 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:358:8:358:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:358:8:358:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:359:3:359:4 | y3 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:360:3:360:4 | y4 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:361:3:361:4 | y5 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:362:3:362:4 | y6 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:363:3:363:4 | y7 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:364:3:364:4 | y8 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:366:5:366:6 | y3 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:366:10:366:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:366:10:366:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:367:5:367:6 | y4 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:367:10:367:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:367:10:367:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:368:5:368:6 | y5 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:368:10:368:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:368:10:368:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:369:5:369:6 | y6 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:369:10:369:36 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:369:10:369:36 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:370:5:370:6 | y7 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:370:10:370:38 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:370:10:370:38 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:371:5:371:6 | y8 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:371:10:371:39 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:371:10:371:39 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:373:3:373:47 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:379:3:379:4 | y1 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:379:8:379:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:379:8:379:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:380:3:380:4 | y2 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:380:8:380:25 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:380:8:380:25 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:381:3:381:4 | y3 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:382:3:382:4 | y4 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:383:3:383:4 | y5 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:385:5:385:6 | y3 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:385:10:385:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:385:10:385:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:386:5:386:6 | y4 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:386:10:386:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:386:10:386:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:387:5:387:6 | y5 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:387:10:387:38 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:387:10:387:38 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:389:3:389:32 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:394:16:394:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:394:20:394:36 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:394:20:394:36 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:397:3:397:4 | y1 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:397:11:397:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:398:3:398:4 | y2 [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:398:9:398:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:398:14:398:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| range_analysis.c:399:3:399:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| rethrow_error.cpp:17:3:17:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| returnstmt.c:8:5:8:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| revsubscriptexpr.c:4:2:4:2 | i [post update] | PostUpdateNode should not be the target of local flow. | +| shortforstmt.cpp:35:5:35:5 | x [post update] | PostUpdateNode should not be the target of local flow. | +| statements.cpp:32:39:32:39 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| statements.cpp:48:16:48:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| statements.cpp:48:16:48:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| statements.cpp:48:22:48:22 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| statements.cpp:56:5:56:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:3:2:3:4 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:3:2:3:4 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:3:2:3:4 | ref [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:18:7:18:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:20:2:20:10 | a [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:20:12:20:12 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:20:12:20:12 | a [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:21:2:21:4 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:21:2:21:4 | val [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:22:2:22:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:31:10:31:11 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:31:10:31:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:33:11:33:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:81:5:81:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:81:5:81:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:90:5:90:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:90:5:90:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:98:5:98:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:98:5:98:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:106:5:106:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:106:5:106:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:126:5:126:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:134:5:134:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:227:19:227:26 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:233:24:233:31 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:236:7:236:7 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:236:7:236:7 | ConvertToNonVirtualBase [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:236:7:236:7 | this [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:240:7:240:7 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:240:7:240:7 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:249:21:249:23 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:249:21:249:23 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:250:17:250:19 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:250:17:250:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:251:20:251:23 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| static_init_templates.cpp:251:20:251:23 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| staticlocals.cpp:4:5:4:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| staticlocals.cpp:8:5:8:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| staticlocals.cpp:12:16:12:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| staticlocals.cpp:12:16:12:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| staticlocals.cpp:12:25:12:25 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| staticlocals.cpp:12:25:12:25 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| staticlocals.cpp:13:16:13:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| staticlocals.cpp:13:16:13:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| staticlocals.cpp:18:3:18:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| staticlocals.cpp:26:19:26:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| staticlocals.cpp:29:14:29:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| staticlocals.cpp:29:14:29:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| stmt_expr.cpp:13:16:13:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| stmt_expr.cpp:13:18:13:19 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| stmt_expr.cpp:27:5:27:7 | ptr [post update] | PostUpdateNode should not be the target of local flow. | +| stream_it.cpp:4:16:4:30 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| stream_it.cpp:5:14:5:28 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| stream_it.cpp:11:3:11:3 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| stream_it.cpp:11:3:11:3 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| stream_it.cpp:11:3:11:3 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| stream_it.cpp:11:10:11:12 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| stream_it.cpp:11:16:11:16 | (__range) [post update] | PostUpdateNode should not be the target of local flow. | +| stream_it.cpp:11:16:11:16 | (__range) [post update] | PostUpdateNode should not be the target of local flow. | +| stream_it.cpp:11:16:11:16 | (__range) [post update] | PostUpdateNode should not be the target of local flow. | +| stream_it.cpp:11:16:11:16 | (__range) [post update] | PostUpdateNode should not be the target of local flow. | +| stream_it.cpp:11:16:11:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| stream_it.cpp:11:16:11:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| stream_it.cpp:19:3:19:11 | xs [post update] | PostUpdateNode should not be the target of local flow. | +| stream_it.cpp:19:13:19:14 | (reference to) [post update] | PostUpdateNode should not be the target of local flow. | +| stream_it.cpp:19:13:19:14 | xs [post update] | PostUpdateNode should not be the target of local flow. | +| stream_it.cpp:20:3:20:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| subscriptexpr.c:4:2:4:2 | i [post update] | PostUpdateNode should not be the target of local flow. | +| switchbody.c:5:11:5:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| switchbody.c:5:11:5:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| switchbody.c:7:5:7:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| switchbody.c:9:5:9:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| switchbody.c:16:11:16:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| switchbody.c:16:11:16:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| switchbody.c:19:5:19:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| switchbody.c:20:3:20:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| switchbody.c:28:11:28:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| switchbody.c:28:11:28:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| switchbody.c:31:9:31:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| switchbody.c:33:9:33:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:28:9:28:9 | i [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:28:24:28:24 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:36:9:36:9 | i [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:36:19:36:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:44:9:44:9 | i [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:52:9:52:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:73:9:73:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:93:9:93:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:93:13:93:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:93:13:93:21 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:98:9:98:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:103:9:103:9 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:204:12:204:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:204:12:204:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:220:5:220:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:222:3:222:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:227:5:227:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:229:3:229:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:233:7:233:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| test.c:233:7:233:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| try_catch.cpp:7:8:7:8 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| try_catch.cpp:7:8:7:8 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| try_catch.cpp:7:8:7:8 | ConvertToNonVirtualBase [post update] | PostUpdateNode should not be the target of local flow. | +| try_catch.cpp:7:8:7:8 | ConvertToNonVirtualBase [post update] | PostUpdateNode should not be the target of local flow. | +| try_catch.cpp:7:8:7:8 | this [post update] | PostUpdateNode should not be the target of local flow. | +| try_catch.cpp:7:8:7:8 | this [post update] | PostUpdateNode should not be the target of local flow. | +| try_catch.cpp:13:5:13:16 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | +| try_catch.cpp:13:5:13:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| try_catch.cpp:21:14:21:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| try_catch.cpp:23:8:23:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| unaryopexpr.c:10:5:10:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| unaryopexpr.c:11:5:11:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| unaryopexpr.c:12:7:12:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| unaryopexpr.c:13:7:13:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| void_bug.cpp:5:3:5:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| whilestmt.c:9:7:9:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| whilestmt.c:11:5:11:8 | done [post update] | PostUpdateNode should not be the target of local flow. | +| whilestmt.c:40:7:40:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | +| whilestmt.c:42:7:42:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-022/SAMATE/TaintedPath/TaintedPath.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-022/SAMATE/TaintedPath/TaintedPath.expected index 6271123d9d1..4f929e2b6c9 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-022/SAMATE/TaintedPath/TaintedPath.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-022/SAMATE/TaintedPath/TaintedPath.expected @@ -1,9 +1,11 @@ edges | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | ... + ... | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | (const char *)... | | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | ... + ... | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | +| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | ... + ... | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | ... + ... | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data indirection | | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | (const char *)... | | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | +| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data indirection | subpaths nodes @@ -12,6 +14,8 @@ nodes | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | (const char *)... | semmle.label | (const char *)... | | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | (const char *)... | semmle.label | (const char *)... | | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | semmle.label | data | +| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | semmle.label | data | +| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | semmle.label | data | | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data indirection | semmle.label | data indirection | | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data indirection | semmle.label | data indirection | #select diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected index cb8dfd321b3..6069d6153bc 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected @@ -3,6 +3,8 @@ edges | test.c:9:23:9:26 | argv | test.c:17:11:17:18 | (const char *)... | | test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName | | test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName | +| test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName | +| test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName | | test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName indirection | | test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName indirection | subpaths @@ -12,6 +14,8 @@ nodes | test.c:17:11:17:18 | (const char *)... | semmle.label | (const char *)... | | test.c:17:11:17:18 | (const char *)... | semmle.label | (const char *)... | | test.c:17:11:17:18 | fileName | semmle.label | fileName | +| test.c:17:11:17:18 | fileName | semmle.label | fileName | +| test.c:17:11:17:18 | fileName | semmle.label | fileName | | test.c:17:11:17:18 | fileName indirection | semmle.label | fileName indirection | | test.c:17:11:17:18 | fileName indirection | semmle.label | fileName indirection | #select diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected index 51c8906abb5..8875333fbeb 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected @@ -1,16 +1,16 @@ edges +| tests.cpp:26:15:26:23 | ReturnValue | tests.cpp:51:12:51:20 | call to badSource | | tests.cpp:33:34:33:39 | call to getenv | tests.cpp:38:39:38:49 | environment indirection | -| tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:42:5:42:16 | Phi | +| tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:26:15:26:23 | ReturnValue | | tests.cpp:38:39:38:49 | environment indirection | tests.cpp:38:25:38:36 | strncat output argument | | tests.cpp:38:39:38:49 | environment indirection | tests.cpp:38:25:38:36 | strncat output argument | -| tests.cpp:42:5:42:16 | Phi | tests.cpp:51:22:51:25 | badSource output argument | -| tests.cpp:51:22:51:25 | badSource output argument | tests.cpp:53:16:53:19 | data indirection | +| tests.cpp:51:12:51:20 | call to badSource | tests.cpp:53:16:53:19 | data indirection | nodes +| tests.cpp:26:15:26:23 | ReturnValue | semmle.label | ReturnValue | | tests.cpp:33:34:33:39 | call to getenv | semmle.label | call to getenv | | tests.cpp:38:25:38:36 | strncat output argument | semmle.label | strncat output argument | | tests.cpp:38:39:38:49 | environment indirection | semmle.label | environment indirection | -| tests.cpp:42:5:42:16 | Phi | semmle.label | Phi | -| tests.cpp:51:22:51:25 | badSource output argument | semmle.label | badSource output argument | +| tests.cpp:51:12:51:20 | call to badSource | semmle.label | call to badSource | | tests.cpp:53:16:53:19 | data indirection | semmle.label | data indirection | subpaths #select diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/UnboundedWrite.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/UnboundedWrite.expected index e98353732b9..53344b776af 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/UnboundedWrite.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/UnboundedWrite.expected @@ -31,6 +31,8 @@ edges | tests.c:29:28:29:31 | argv | tests.c:33:21:33:29 | buffer100 indirection | | tests.c:31:15:31:23 | array to pointer conversion | tests.c:31:15:31:23 | buffer100 | | tests.c:31:15:31:23 | array to pointer conversion | tests.c:31:15:31:23 | buffer100 indirection | +| tests.c:31:15:31:23 | array to pointer conversion | tests.c:33:21:33:29 | buffer100 | +| tests.c:31:15:31:23 | array to pointer conversion | tests.c:33:21:33:29 | buffer100 indirection | | tests.c:31:15:31:23 | buffer100 | tests.c:31:15:31:23 | buffer100 | | tests.c:31:15:31:23 | buffer100 | tests.c:31:15:31:23 | buffer100 indirection | | tests.c:31:15:31:23 | buffer100 | tests.c:33:21:33:29 | buffer100 | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/SAMATE/UncontrolledFormatString.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-134/SAMATE/UncontrolledFormatString.expected index 5bce7b8aa38..ee4d25029be 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/SAMATE/UncontrolledFormatString.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/SAMATE/UncontrolledFormatString.expected @@ -7,14 +7,18 @@ edges | char_connect_socket_w32_vsnprintf_01_bad.c:94:55:94:68 | ... + ... | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | data indirection | | char_console_fprintf_01_bad.c:30:23:30:35 | ... + ... | char_console_fprintf_01_bad.c:49:21:49:24 | (const char *)... | | char_console_fprintf_01_bad.c:30:23:30:35 | ... + ... | char_console_fprintf_01_bad.c:49:21:49:24 | data | +| char_console_fprintf_01_bad.c:30:23:30:35 | ... + ... | char_console_fprintf_01_bad.c:49:21:49:24 | data | | char_console_fprintf_01_bad.c:30:23:30:35 | ... + ... | char_console_fprintf_01_bad.c:49:21:49:24 | data indirection | | char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | char_console_fprintf_01_bad.c:49:21:49:24 | (const char *)... | | char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | char_console_fprintf_01_bad.c:49:21:49:24 | data | +| char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | char_console_fprintf_01_bad.c:49:21:49:24 | data | | char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | char_console_fprintf_01_bad.c:49:21:49:24 | data indirection | | char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | (const char *)... | | char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | (const char *)... | | char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | data | | char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | data | +| char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | data | +| char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | data | | char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | data indirection | | char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | data indirection | subpaths @@ -31,6 +35,8 @@ nodes | char_console_fprintf_01_bad.c:49:21:49:24 | (const char *)... | semmle.label | (const char *)... | | char_console_fprintf_01_bad.c:49:21:49:24 | (const char *)... | semmle.label | (const char *)... | | char_console_fprintf_01_bad.c:49:21:49:24 | data | semmle.label | data | +| char_console_fprintf_01_bad.c:49:21:49:24 | data | semmle.label | data | +| char_console_fprintf_01_bad.c:49:21:49:24 | data | semmle.label | data | | char_console_fprintf_01_bad.c:49:21:49:24 | data indirection | semmle.label | data indirection | | char_console_fprintf_01_bad.c:49:21:49:24 | data indirection | semmle.label | data indirection | | char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | semmle.label | call to getenv | @@ -38,6 +44,8 @@ nodes | char_environment_fprintf_01_bad.c:36:21:36:24 | (const char *)... | semmle.label | (const char *)... | | char_environment_fprintf_01_bad.c:36:21:36:24 | (const char *)... | semmle.label | (const char *)... | | char_environment_fprintf_01_bad.c:36:21:36:24 | data | semmle.label | data | +| char_environment_fprintf_01_bad.c:36:21:36:24 | data | semmle.label | data | +| char_environment_fprintf_01_bad.c:36:21:36:24 | data | semmle.label | data | | char_environment_fprintf_01_bad.c:36:21:36:24 | data indirection | semmle.label | data indirection | | char_environment_fprintf_01_bad.c:36:21:36:24 | data indirection | semmle.label | data indirection | #select diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected index a5a17967f69..5a4a8eae9e2 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected @@ -1,5 +1,5 @@ edges -| argvLocal.c:9:25:9:31 | correct | argvLocal.c:9:25:9:31 | *correct | +| argvLocal.c:9:25:9:31 | *correct | argvLocal.c:9:25:9:31 | ReturnIndirection | | argvLocal.c:95:9:95:12 | argv | argvLocal.c:95:9:95:15 | (const char *)... | | argvLocal.c:95:9:95:12 | argv | argvLocal.c:95:9:95:15 | (const char *)... | | argvLocal.c:95:9:95:12 | argv | argvLocal.c:95:9:95:15 | access to array | @@ -29,6 +29,8 @@ edges | argvLocal.c:100:7:100:10 | argv | argvLocal.c:102:15:102:16 | i1 | | argvLocal.c:100:7:100:10 | argv | argvLocal.c:102:15:102:16 | i1 indirection | | argvLocal.c:100:7:100:10 | argv | argvLocal.c:102:15:102:16 | i1 indirection | +| argvLocal.c:100:7:100:10 | argv | argvLocal.c:102:15:102:16 | i1 indirection | +| argvLocal.c:100:7:100:10 | argv | argvLocal.c:102:15:102:16 | i1 indirection | | argvLocal.c:100:7:100:10 | argv | argvLocal.c:144:9:144:10 | (const char *)... | | argvLocal.c:100:7:100:10 | argv | argvLocal.c:144:9:144:10 | (const char *)... | | argvLocal.c:100:7:100:10 | argv | argvLocal.c:144:9:144:10 | i7 | @@ -44,6 +46,14 @@ edges | argvLocal.c:100:7:100:10 | argv | argvLocal.c:145:15:145:16 | i7 indirection | | argvLocal.c:100:7:100:10 | argv | argvLocal.c:145:15:145:16 | i7 indirection | | argvLocal.c:102:15:102:16 | i1 indirection | argvLocal.c:9:25:9:31 | *correct | +| argvLocal.c:102:15:102:16 | i1 indirection | argvLocal.c:102:15:102:16 | printWrapper output argument | +| argvLocal.c:102:15:102:16 | printWrapper output argument | argvLocal.c:144:9:144:10 | (const char *)... | +| argvLocal.c:102:15:102:16 | printWrapper output argument | argvLocal.c:144:9:144:10 | i7 | +| argvLocal.c:102:15:102:16 | printWrapper output argument | argvLocal.c:144:9:144:10 | i7 | +| argvLocal.c:102:15:102:16 | printWrapper output argument | argvLocal.c:144:9:144:10 | i7 indirection | +| argvLocal.c:102:15:102:16 | printWrapper output argument | argvLocal.c:145:15:145:16 | i7 | +| argvLocal.c:102:15:102:16 | printWrapper output argument | argvLocal.c:145:15:145:16 | i7 | +| argvLocal.c:102:15:102:16 | printWrapper output argument | argvLocal.c:145:15:145:16 | i7 indirection | | argvLocal.c:105:14:105:17 | argv | argvLocal.c:106:9:106:13 | (const char *)... | | argvLocal.c:105:14:105:17 | argv | argvLocal.c:106:9:106:13 | (const char *)... | | argvLocal.c:105:14:105:17 | argv | argvLocal.c:106:9:106:13 | access to array | @@ -58,6 +68,8 @@ edges | argvLocal.c:105:14:105:17 | argv | argvLocal.c:107:15:107:19 | access to array | | argvLocal.c:105:14:105:17 | argv | argvLocal.c:107:15:107:19 | access to array indirection | | argvLocal.c:105:14:105:17 | argv | argvLocal.c:107:15:107:19 | access to array indirection | +| argvLocal.c:105:14:105:17 | argv | argvLocal.c:107:15:107:19 | access to array indirection | +| argvLocal.c:105:14:105:17 | argv | argvLocal.c:107:15:107:19 | access to array indirection | | argvLocal.c:105:14:105:17 | argv | argvLocal.c:110:9:110:11 | (const char *)... | | argvLocal.c:105:14:105:17 | argv | argvLocal.c:110:9:110:11 | (const char *)... | | argvLocal.c:105:14:105:17 | argv | argvLocal.c:110:9:110:11 | * ... | @@ -73,6 +85,14 @@ edges | argvLocal.c:105:14:105:17 | argv | argvLocal.c:111:15:111:17 | * ... indirection | | argvLocal.c:105:14:105:17 | argv | argvLocal.c:111:15:111:17 | * ... indirection | | argvLocal.c:107:15:107:19 | access to array indirection | argvLocal.c:9:25:9:31 | *correct | +| argvLocal.c:107:15:107:19 | access to array indirection | argvLocal.c:107:15:107:19 | printWrapper output argument | +| argvLocal.c:107:15:107:19 | printWrapper output argument | argvLocal.c:110:9:110:11 | (const char *)... | +| argvLocal.c:107:15:107:19 | printWrapper output argument | argvLocal.c:110:9:110:11 | * ... | +| argvLocal.c:107:15:107:19 | printWrapper output argument | argvLocal.c:110:9:110:11 | * ... | +| argvLocal.c:107:15:107:19 | printWrapper output argument | argvLocal.c:110:9:110:11 | * ... indirection | +| argvLocal.c:107:15:107:19 | printWrapper output argument | argvLocal.c:111:15:111:17 | * ... | +| argvLocal.c:107:15:107:19 | printWrapper output argument | argvLocal.c:111:15:111:17 | * ... | +| argvLocal.c:107:15:107:19 | printWrapper output argument | argvLocal.c:111:15:111:17 | * ... indirection | | argvLocal.c:111:15:111:17 | * ... indirection | argvLocal.c:9:25:9:31 | *correct | | argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | (const char *)... | | argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | (const char *)... | @@ -80,8 +100,6 @@ edges | argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | i3 | | argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | i3 indirection | | argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | i3 indirection | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:2:117:13 | i3 | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:2:117:13 | i3 | | argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | array to pointer conversion | | argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | array to pointer conversion | | argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | i3 | @@ -90,70 +108,41 @@ edges | argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | i3 indirection | | argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | i3 indirection | | argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | i3 indirection | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | (const char *)... | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | (const char *)... | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | i4 | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | i4 | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | i4 indirection | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | i4 indirection | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:2:122:13 | i4 | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:2:122:13 | i4 | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 indirection | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 indirection | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 indirection | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 indirection | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | (const char *)... | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | (const char *)... | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | ... ++ | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | ... ++ | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | ... ++ indirection | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | ... ++ indirection | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... indirection | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... indirection | -| argvLocal.c:117:2:117:13 | i3 | argvLocal.c:9:25:9:31 | correct | -| argvLocal.c:117:2:117:13 | i3 | argvLocal.c:117:15:117:16 | printWrapper output argument | | argvLocal.c:117:15:117:16 | i3 indirection | argvLocal.c:9:25:9:31 | *correct | | argvLocal.c:117:15:117:16 | i3 indirection | argvLocal.c:117:15:117:16 | printWrapper output argument | | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:121:9:121:10 | (const char *)... | | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:121:9:121:10 | i4 | | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:121:9:121:10 | i4 indirection | -| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:122:2:122:13 | i4 | | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:122:15:122:16 | i4 | | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:122:15:122:16 | i4 | | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:122:15:122:16 | i4 indirection | | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:122:15:122:16 | i4 indirection | +| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:135:9:135:10 | i4 | | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | (const char *)... | | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | ... ++ | +| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | ... ++ | | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | ... ++ indirection | | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:136:15:136:18 | -- ... | | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:136:15:136:18 | -- ... | | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:136:15:136:18 | -- ... indirection | -| argvLocal.c:122:2:122:13 | i4 | argvLocal.c:9:25:9:31 | correct | -| argvLocal.c:122:2:122:13 | i4 | argvLocal.c:122:15:122:16 | printWrapper output argument | +| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:136:17:136:18 | i4 | | argvLocal.c:122:15:122:16 | i4 indirection | argvLocal.c:9:25:9:31 | *correct | | argvLocal.c:122:15:122:16 | i4 indirection | argvLocal.c:122:15:122:16 | printWrapper output argument | +| argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:135:9:135:10 | i4 | | argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | (const char *)... | | argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | ... ++ | +| argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | ... ++ | | argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | ... ++ indirection | | argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:136:15:136:18 | -- ... | | argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:136:15:136:18 | -- ... | | argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:136:15:136:18 | -- ... indirection | +| argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:136:17:136:18 | i4 | | argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | (const char *)... | | argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | (const char *)... | | argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | i5 | | argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | i5 | | argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | i5 indirection | | argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | i5 indirection | -| argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:2:128:13 | i5 | -| argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:2:128:13 | i5 | | argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | array to pointer conversion | | argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | array to pointer conversion | | argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | i5 | @@ -174,8 +163,6 @@ edges | argvLocal.c:126:10:126:13 | argv | argvLocal.c:132:15:132:20 | ... + ... | | argvLocal.c:126:10:126:13 | argv | argvLocal.c:132:15:132:20 | ... + ... indirection | | argvLocal.c:126:10:126:13 | argv | argvLocal.c:132:15:132:20 | ... + ... indirection | -| argvLocal.c:128:2:128:13 | i5 | argvLocal.c:9:25:9:31 | correct | -| argvLocal.c:128:2:128:13 | i5 | argvLocal.c:128:15:128:16 | printWrapper output argument | | argvLocal.c:128:15:128:16 | i5 indirection | argvLocal.c:9:25:9:31 | *correct | | argvLocal.c:128:15:128:16 | i5 indirection | argvLocal.c:128:15:128:16 | printWrapper output argument | | argvLocal.c:128:15:128:16 | printWrapper output argument | argvLocal.c:131:9:131:14 | (const char *)... | @@ -248,16 +235,14 @@ edges | argvLocal.c:168:18:168:21 | argv | argvLocal.c:170:24:170:26 | i10 | | argvLocal.c:170:15:170:26 | i10 indirection | argvLocal.c:9:25:9:31 | *correct | subpaths -| argvLocal.c:117:2:117:13 | i3 | argvLocal.c:9:25:9:31 | correct | argvLocal.c:9:25:9:31 | *correct | argvLocal.c:117:15:117:16 | printWrapper output argument | -| argvLocal.c:117:15:117:16 | i3 indirection | argvLocal.c:9:25:9:31 | *correct | argvLocal.c:9:25:9:31 | *correct | argvLocal.c:117:15:117:16 | printWrapper output argument | -| argvLocal.c:122:2:122:13 | i4 | argvLocal.c:9:25:9:31 | correct | argvLocal.c:9:25:9:31 | *correct | argvLocal.c:122:15:122:16 | printWrapper output argument | -| argvLocal.c:122:15:122:16 | i4 indirection | argvLocal.c:9:25:9:31 | *correct | argvLocal.c:9:25:9:31 | *correct | argvLocal.c:122:15:122:16 | printWrapper output argument | -| argvLocal.c:128:2:128:13 | i5 | argvLocal.c:9:25:9:31 | correct | argvLocal.c:9:25:9:31 | *correct | argvLocal.c:128:15:128:16 | printWrapper output argument | -| argvLocal.c:128:15:128:16 | i5 indirection | argvLocal.c:9:25:9:31 | *correct | argvLocal.c:9:25:9:31 | *correct | argvLocal.c:128:15:128:16 | printWrapper output argument | +| argvLocal.c:102:15:102:16 | i1 indirection | argvLocal.c:9:25:9:31 | *correct | argvLocal.c:9:25:9:31 | ReturnIndirection | argvLocal.c:102:15:102:16 | printWrapper output argument | +| argvLocal.c:107:15:107:19 | access to array indirection | argvLocal.c:9:25:9:31 | *correct | argvLocal.c:9:25:9:31 | ReturnIndirection | argvLocal.c:107:15:107:19 | printWrapper output argument | +| argvLocal.c:117:15:117:16 | i3 indirection | argvLocal.c:9:25:9:31 | *correct | argvLocal.c:9:25:9:31 | ReturnIndirection | argvLocal.c:117:15:117:16 | printWrapper output argument | +| argvLocal.c:122:15:122:16 | i4 indirection | argvLocal.c:9:25:9:31 | *correct | argvLocal.c:9:25:9:31 | ReturnIndirection | argvLocal.c:122:15:122:16 | printWrapper output argument | +| argvLocal.c:128:15:128:16 | i5 indirection | argvLocal.c:9:25:9:31 | *correct | argvLocal.c:9:25:9:31 | ReturnIndirection | argvLocal.c:128:15:128:16 | printWrapper output argument | nodes | argvLocal.c:9:25:9:31 | *correct | semmle.label | *correct | -| argvLocal.c:9:25:9:31 | *correct | semmle.label | *correct | -| argvLocal.c:9:25:9:31 | correct | semmle.label | correct | +| argvLocal.c:9:25:9:31 | ReturnIndirection | semmle.label | ReturnIndirection | | argvLocal.c:95:9:95:12 | argv | semmle.label | argv | | argvLocal.c:95:9:95:12 | argv | semmle.label | argv | | argvLocal.c:95:9:95:15 | (const char *)... | semmle.label | (const char *)... | @@ -288,6 +273,7 @@ nodes | argvLocal.c:102:15:102:16 | i1 | semmle.label | i1 | | argvLocal.c:102:15:102:16 | i1 indirection | semmle.label | i1 indirection | | argvLocal.c:102:15:102:16 | i1 indirection | semmle.label | i1 indirection | +| argvLocal.c:102:15:102:16 | printWrapper output argument | semmle.label | printWrapper output argument | | argvLocal.c:105:14:105:17 | argv | semmle.label | argv | | argvLocal.c:105:14:105:17 | argv | semmle.label | argv | | argvLocal.c:106:9:106:13 | (const char *)... | semmle.label | (const char *)... | @@ -302,6 +288,7 @@ nodes | argvLocal.c:107:15:107:19 | access to array | semmle.label | access to array | | argvLocal.c:107:15:107:19 | access to array indirection | semmle.label | access to array indirection | | argvLocal.c:107:15:107:19 | access to array indirection | semmle.label | access to array indirection | +| argvLocal.c:107:15:107:19 | printWrapper output argument | semmle.label | printWrapper output argument | | argvLocal.c:110:9:110:11 | (const char *)... | semmle.label | (const char *)... | | argvLocal.c:110:9:110:11 | (const char *)... | semmle.label | (const char *)... | | argvLocal.c:110:9:110:11 | * ... | semmle.label | * ... | @@ -321,7 +308,6 @@ nodes | argvLocal.c:116:9:116:10 | i3 | semmle.label | i3 | | argvLocal.c:116:9:116:10 | i3 indirection | semmle.label | i3 indirection | | argvLocal.c:116:9:116:10 | i3 indirection | semmle.label | i3 indirection | -| argvLocal.c:117:2:117:13 | i3 | semmle.label | i3 | | argvLocal.c:117:15:117:16 | array to pointer conversion | semmle.label | array to pointer conversion | | argvLocal.c:117:15:117:16 | array to pointer conversion | semmle.label | array to pointer conversion | | argvLocal.c:117:15:117:16 | i3 | semmle.label | i3 | @@ -333,7 +319,6 @@ nodes | argvLocal.c:121:9:121:10 | i4 | semmle.label | i4 | | argvLocal.c:121:9:121:10 | i4 indirection | semmle.label | i4 indirection | | argvLocal.c:121:9:121:10 | i4 indirection | semmle.label | i4 indirection | -| argvLocal.c:122:2:122:13 | i4 | semmle.label | i4 | | argvLocal.c:122:15:122:16 | i4 | semmle.label | i4 | | argvLocal.c:122:15:122:16 | i4 | semmle.label | i4 | | argvLocal.c:122:15:122:16 | i4 | semmle.label | i4 | @@ -347,7 +332,6 @@ nodes | argvLocal.c:127:9:127:10 | i5 | semmle.label | i5 | | argvLocal.c:127:9:127:10 | i5 indirection | semmle.label | i5 indirection | | argvLocal.c:127:9:127:10 | i5 indirection | semmle.label | i5 indirection | -| argvLocal.c:128:2:128:13 | i5 | semmle.label | i5 | | argvLocal.c:128:15:128:16 | array to pointer conversion | semmle.label | array to pointer conversion | | argvLocal.c:128:15:128:16 | array to pointer conversion | semmle.label | array to pointer conversion | | argvLocal.c:128:15:128:16 | i5 | semmle.label | i5 | @@ -364,9 +348,13 @@ nodes | argvLocal.c:132:15:132:20 | ... + ... | semmle.label | ... + ... | | argvLocal.c:132:15:132:20 | ... + ... indirection | semmle.label | ... + ... indirection | | argvLocal.c:132:15:132:20 | ... + ... indirection | semmle.label | ... + ... indirection | +| argvLocal.c:135:9:135:10 | i4 | semmle.label | i4 | +| argvLocal.c:135:9:135:10 | i4 | semmle.label | i4 | | argvLocal.c:135:9:135:12 | (const char *)... | semmle.label | (const char *)... | | argvLocal.c:135:9:135:12 | (const char *)... | semmle.label | (const char *)... | | argvLocal.c:135:9:135:12 | ... ++ | semmle.label | ... ++ | +| argvLocal.c:135:9:135:12 | ... ++ | semmle.label | ... ++ | +| argvLocal.c:135:9:135:12 | ... ++ | semmle.label | ... ++ | | argvLocal.c:135:9:135:12 | ... ++ indirection | semmle.label | ... ++ indirection | | argvLocal.c:135:9:135:12 | ... ++ indirection | semmle.label | ... ++ indirection | | argvLocal.c:136:15:136:18 | -- ... | semmle.label | -- ... | @@ -374,6 +362,8 @@ nodes | argvLocal.c:136:15:136:18 | -- ... | semmle.label | -- ... | | argvLocal.c:136:15:136:18 | -- ... indirection | semmle.label | -- ... indirection | | argvLocal.c:136:15:136:18 | -- ... indirection | semmle.label | -- ... indirection | +| argvLocal.c:136:17:136:18 | i4 | semmle.label | i4 | +| argvLocal.c:136:17:136:18 | i4 | semmle.label | i4 | | argvLocal.c:144:9:144:10 | (const char *)... | semmle.label | (const char *)... | | argvLocal.c:144:9:144:10 | (const char *)... | semmle.label | (const char *)... | | argvLocal.c:144:9:144:10 | i7 | semmle.label | i7 | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/funcs/funcsLocal.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/funcs/funcsLocal.expected index 0f78d29fd36..2586fc17f87 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/funcs/funcsLocal.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/funcs/funcsLocal.expected @@ -1,4 +1,10 @@ edges +| funcsLocal.c:16:8:16:9 | (void *)... | funcsLocal.c:17:9:17:10 | (const char *)... | +| funcsLocal.c:16:8:16:9 | (void *)... | funcsLocal.c:17:9:17:10 | i1 | +| funcsLocal.c:16:8:16:9 | (void *)... | funcsLocal.c:17:9:17:10 | i1 indirection | +| funcsLocal.c:16:8:16:9 | (void *)... | funcsLocal.c:58:9:58:10 | (const char *)... | +| funcsLocal.c:16:8:16:9 | (void *)... | funcsLocal.c:58:9:58:10 | e1 | +| funcsLocal.c:16:8:16:9 | (void *)... | funcsLocal.c:58:9:58:10 | e1 indirection | | funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:17:9:17:10 | (const char *)... | | funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:17:9:17:10 | i1 | | funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:17:9:17:10 | i1 indirection | @@ -51,8 +57,29 @@ edges | funcsLocal.c:41:18:41:20 | i61 | funcsLocal.c:42:9:42:10 | (const char *)... | | funcsLocal.c:41:18:41:20 | i61 | funcsLocal.c:42:9:42:10 | i6 | | funcsLocal.c:41:18:41:20 | i61 | funcsLocal.c:42:9:42:10 | i6 indirection | +| funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:9:47:11 | (const char *)... | +| funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:9:47:11 | (const char *)... | +| funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:9:47:11 | * ... | +| funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:9:47:11 | * ... | +| funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:9:47:11 | * ... | +| funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:9:47:11 | * ... | +| funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:9:47:11 | * ... indirection | +| funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:9:47:11 | * ... indirection | +| funcsLocal.c:46:7:46:9 | gets output argument | funcsLocal.c:47:9:47:11 | (const char *)... | +| funcsLocal.c:46:7:46:9 | gets output argument | funcsLocal.c:47:9:47:11 | * ... | +| funcsLocal.c:46:7:46:9 | gets output argument | funcsLocal.c:47:9:47:11 | * ... | +| funcsLocal.c:46:7:46:9 | gets output argument | funcsLocal.c:47:9:47:11 | * ... indirection | +| funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:9:53:11 | (const char *)... | +| funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:9:53:11 | (const char *)... | +| funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:9:53:11 | * ... | +| funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:9:53:11 | * ... | +| funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:9:53:11 | * ... | +| funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:9:53:11 | * ... | +| funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:9:53:11 | * ... indirection | +| funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:9:53:11 | * ... indirection | subpaths nodes +| funcsLocal.c:16:8:16:9 | (void *)... | semmle.label | (void *)... | | funcsLocal.c:16:8:16:9 | fread output argument | semmle.label | fread output argument | | funcsLocal.c:16:8:16:9 | i1 | semmle.label | i1 | | funcsLocal.c:17:9:17:10 | (const char *)... | semmle.label | (const char *)... | @@ -96,6 +123,25 @@ nodes | funcsLocal.c:42:9:42:10 | i6 | semmle.label | i6 | | funcsLocal.c:42:9:42:10 | i6 indirection | semmle.label | i6 indirection | | funcsLocal.c:42:9:42:10 | i6 indirection | semmle.label | i6 indirection | +| funcsLocal.c:46:7:46:9 | * ... | semmle.label | * ... | +| funcsLocal.c:46:7:46:9 | * ... | semmle.label | * ... | +| funcsLocal.c:46:7:46:9 | gets output argument | semmle.label | gets output argument | +| funcsLocal.c:47:9:47:11 | (const char *)... | semmle.label | (const char *)... | +| funcsLocal.c:47:9:47:11 | (const char *)... | semmle.label | (const char *)... | +| funcsLocal.c:47:9:47:11 | * ... | semmle.label | * ... | +| funcsLocal.c:47:9:47:11 | * ... | semmle.label | * ... | +| funcsLocal.c:47:9:47:11 | * ... | semmle.label | * ... | +| funcsLocal.c:47:9:47:11 | * ... indirection | semmle.label | * ... indirection | +| funcsLocal.c:47:9:47:11 | * ... indirection | semmle.label | * ... indirection | +| funcsLocal.c:52:8:52:11 | call to gets | semmle.label | call to gets | +| funcsLocal.c:52:8:52:11 | call to gets | semmle.label | call to gets | +| funcsLocal.c:53:9:53:11 | (const char *)... | semmle.label | (const char *)... | +| funcsLocal.c:53:9:53:11 | (const char *)... | semmle.label | (const char *)... | +| funcsLocal.c:53:9:53:11 | * ... | semmle.label | * ... | +| funcsLocal.c:53:9:53:11 | * ... | semmle.label | * ... | +| funcsLocal.c:53:9:53:11 | * ... | semmle.label | * ... | +| funcsLocal.c:53:9:53:11 | * ... indirection | semmle.label | * ... indirection | +| funcsLocal.c:53:9:53:11 | * ... indirection | semmle.label | * ... indirection | | funcsLocal.c:58:9:58:10 | (const char *)... | semmle.label | (const char *)... | | funcsLocal.c:58:9:58:10 | (const char *)... | semmle.label | (const char *)... | | funcsLocal.c:58:9:58:10 | e1 | semmle.label | e1 | @@ -109,4 +155,6 @@ nodes | funcsLocal.c:37:9:37:10 | i5 | funcsLocal.c:36:7:36:8 | i5 | funcsLocal.c:37:9:37:10 | i5 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format) | funcsLocal.c:36:7:36:8 | i5 | gets | | funcsLocal.c:42:9:42:10 | i6 | funcsLocal.c:41:13:41:16 | call to gets | funcsLocal.c:42:9:42:10 | i6 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format) | funcsLocal.c:41:13:41:16 | call to gets | gets | | funcsLocal.c:42:9:42:10 | i6 | funcsLocal.c:41:18:41:20 | i61 | funcsLocal.c:42:9:42:10 | i6 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format) | funcsLocal.c:41:18:41:20 | i61 | gets | +| funcsLocal.c:47:9:47:11 | * ... | funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:9:47:11 | * ... | The value of this argument may come from $@ and is being used as a formatting argument to printf(format) | funcsLocal.c:46:7:46:9 | * ... | gets | +| funcsLocal.c:53:9:53:11 | * ... | funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:9:53:11 | * ... | The value of this argument may come from $@ and is being used as a formatting argument to printf(format) | funcsLocal.c:52:8:52:11 | call to gets | gets | | funcsLocal.c:58:9:58:10 | e1 | funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:58:9:58:10 | e1 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format) | funcsLocal.c:16:8:16:9 | i1 | fread | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/globalVars/UncontrolledFormatStringThroughGlobalVar.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/globalVars/UncontrolledFormatStringThroughGlobalVar.expected index 8d957ee499c..db35fb14f0f 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/globalVars/UncontrolledFormatStringThroughGlobalVar.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/globalVars/UncontrolledFormatStringThroughGlobalVar.expected @@ -5,6 +5,7 @@ edges | globalVars.c:8:7:8:10 | copy | globalVars.c:30:15:30:18 | copy | | globalVars.c:8:7:8:10 | copy | globalVars.c:30:15:30:18 | copy | | globalVars.c:8:7:8:10 | copy | globalVars.c:30:15:30:18 | copy | +| globalVars.c:8:7:8:10 | copy | globalVars.c:33:15:33:18 | copy | | globalVars.c:8:7:8:10 | copy | globalVars.c:35:11:35:14 | copy | | globalVars.c:9:7:9:11 | copy2 | globalVars.c:38:9:38:13 | copy2 | | globalVars.c:9:7:9:11 | copy2 | globalVars.c:38:9:38:13 | copy2 | @@ -12,15 +13,16 @@ edges | globalVars.c:9:7:9:11 | copy2 | globalVars.c:41:15:41:19 | copy2 | | globalVars.c:9:7:9:11 | copy2 | globalVars.c:41:15:41:19 | copy2 | | globalVars.c:9:7:9:11 | copy2 | globalVars.c:41:15:41:19 | copy2 | +| globalVars.c:9:7:9:11 | copy2 | globalVars.c:44:15:44:19 | copy2 | | globalVars.c:9:7:9:11 | copy2 | globalVars.c:50:9:50:13 | copy2 | | globalVars.c:9:7:9:11 | copy2 | globalVars.c:50:9:50:13 | copy2 | | globalVars.c:9:7:9:11 | copy2 | globalVars.c:50:9:50:13 | copy2 | | globalVars.c:11:22:11:25 | *argv | globalVars.c:12:2:12:15 | Store | -| globalVars.c:11:22:11:25 | argv | globalVars.c:11:22:11:25 | *argv | | globalVars.c:11:22:11:25 | argv | globalVars.c:12:2:12:15 | Store | | globalVars.c:12:2:12:15 | Store | globalVars.c:8:7:8:10 | copy | | globalVars.c:15:21:15:23 | val | globalVars.c:16:2:16:12 | Store | | globalVars.c:16:2:16:12 | Store | globalVars.c:9:7:9:11 | copy2 | +| globalVars.c:19:25:19:27 | *str | globalVars.c:19:25:19:27 | ReturnIndirection | | globalVars.c:24:2:24:9 | argv | globalVars.c:11:22:11:25 | argv | | globalVars.c:24:11:24:14 | argv | globalVars.c:24:2:24:9 | argv | | globalVars.c:24:11:24:14 | argv | globalVars.c:24:2:24:9 | argv | @@ -34,6 +36,12 @@ edges | globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy | | globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy | | globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy indirection | +| globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy indirection | +| globalVars.c:30:15:30:18 | copy | globalVars.c:35:2:35:9 | copy | +| globalVars.c:30:15:30:18 | copy indirection | globalVars.c:19:25:19:27 | *str | +| globalVars.c:30:15:30:18 | copy indirection | globalVars.c:30:15:30:18 | printWrapper output argument | +| globalVars.c:30:15:30:18 | printWrapper output argument | globalVars.c:35:2:35:9 | copy | +| globalVars.c:33:15:33:18 | copy | globalVars.c:35:2:35:9 | copy | | globalVars.c:35:2:35:9 | copy | globalVars.c:15:21:15:23 | val | | globalVars.c:35:11:35:14 | copy | globalVars.c:35:2:35:9 | copy | | globalVars.c:38:9:38:13 | copy2 | globalVars.c:38:9:38:13 | (const char *)... | @@ -43,10 +51,30 @@ edges | globalVars.c:41:15:41:19 | copy2 | globalVars.c:41:15:41:19 | copy2 | | globalVars.c:41:15:41:19 | copy2 | globalVars.c:41:15:41:19 | copy2 | | globalVars.c:41:15:41:19 | copy2 | globalVars.c:41:15:41:19 | copy2 indirection | +| globalVars.c:41:15:41:19 | copy2 | globalVars.c:41:15:41:19 | copy2 indirection | +| globalVars.c:41:15:41:19 | copy2 | globalVars.c:50:9:50:13 | (const char *)... | +| globalVars.c:41:15:41:19 | copy2 | globalVars.c:50:9:50:13 | copy2 | +| globalVars.c:41:15:41:19 | copy2 | globalVars.c:50:9:50:13 | copy2 | +| globalVars.c:41:15:41:19 | copy2 | globalVars.c:50:9:50:13 | copy2 | +| globalVars.c:41:15:41:19 | copy2 | globalVars.c:50:9:50:13 | copy2 indirection | +| globalVars.c:41:15:41:19 | copy2 indirection | globalVars.c:19:25:19:27 | *str | +| globalVars.c:41:15:41:19 | copy2 indirection | globalVars.c:41:15:41:19 | printWrapper output argument | +| globalVars.c:41:15:41:19 | printWrapper output argument | globalVars.c:50:9:50:13 | (const char *)... | +| globalVars.c:41:15:41:19 | printWrapper output argument | globalVars.c:50:9:50:13 | copy2 | +| globalVars.c:41:15:41:19 | printWrapper output argument | globalVars.c:50:9:50:13 | copy2 | +| globalVars.c:41:15:41:19 | printWrapper output argument | globalVars.c:50:9:50:13 | copy2 | +| globalVars.c:41:15:41:19 | printWrapper output argument | globalVars.c:50:9:50:13 | copy2 indirection | +| globalVars.c:44:15:44:19 | copy2 | globalVars.c:50:9:50:13 | (const char *)... | +| globalVars.c:44:15:44:19 | copy2 | globalVars.c:50:9:50:13 | copy2 | +| globalVars.c:44:15:44:19 | copy2 | globalVars.c:50:9:50:13 | copy2 | +| globalVars.c:44:15:44:19 | copy2 | globalVars.c:50:9:50:13 | copy2 | +| globalVars.c:44:15:44:19 | copy2 | globalVars.c:50:9:50:13 | copy2 indirection | | globalVars.c:50:9:50:13 | copy2 | globalVars.c:50:9:50:13 | (const char *)... | | globalVars.c:50:9:50:13 | copy2 | globalVars.c:50:9:50:13 | copy2 | | globalVars.c:50:9:50:13 | copy2 | globalVars.c:50:9:50:13 | copy2 indirection | subpaths +| globalVars.c:30:15:30:18 | copy indirection | globalVars.c:19:25:19:27 | *str | globalVars.c:19:25:19:27 | ReturnIndirection | globalVars.c:30:15:30:18 | printWrapper output argument | +| globalVars.c:41:15:41:19 | copy2 indirection | globalVars.c:19:25:19:27 | *str | globalVars.c:19:25:19:27 | ReturnIndirection | globalVars.c:41:15:41:19 | printWrapper output argument | nodes | globalVars.c:8:7:8:10 | copy | semmle.label | copy | | globalVars.c:9:7:9:11 | copy2 | semmle.label | copy2 | @@ -55,6 +83,8 @@ nodes | globalVars.c:12:2:12:15 | Store | semmle.label | Store | | globalVars.c:15:21:15:23 | val | semmle.label | val | | globalVars.c:16:2:16:12 | Store | semmle.label | Store | +| globalVars.c:19:25:19:27 | *str | semmle.label | *str | +| globalVars.c:19:25:19:27 | ReturnIndirection | semmle.label | ReturnIndirection | | globalVars.c:24:2:24:9 | argv | semmle.label | argv | | globalVars.c:24:11:24:14 | argv | semmle.label | argv | | globalVars.c:24:11:24:14 | argv | semmle.label | argv | @@ -71,6 +101,8 @@ nodes | globalVars.c:30:15:30:18 | copy | semmle.label | copy | | globalVars.c:30:15:30:18 | copy indirection | semmle.label | copy indirection | | globalVars.c:30:15:30:18 | copy indirection | semmle.label | copy indirection | +| globalVars.c:30:15:30:18 | printWrapper output argument | semmle.label | printWrapper output argument | +| globalVars.c:33:15:33:18 | copy | semmle.label | copy | | globalVars.c:35:2:35:9 | copy | semmle.label | copy | | globalVars.c:35:11:35:14 | copy | semmle.label | copy | | globalVars.c:38:9:38:13 | (const char *)... | semmle.label | (const char *)... | @@ -85,6 +117,8 @@ nodes | globalVars.c:41:15:41:19 | copy2 | semmle.label | copy2 | | globalVars.c:41:15:41:19 | copy2 indirection | semmle.label | copy2 indirection | | globalVars.c:41:15:41:19 | copy2 indirection | semmle.label | copy2 indirection | +| globalVars.c:41:15:41:19 | printWrapper output argument | semmle.label | printWrapper output argument | +| globalVars.c:44:15:44:19 | copy2 | semmle.label | copy2 | | globalVars.c:50:9:50:13 | (const char *)... | semmle.label | (const char *)... | | globalVars.c:50:9:50:13 | (const char *)... | semmle.label | (const char *)... | | globalVars.c:50:9:50:13 | copy2 | semmle.label | copy2 | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/ifs/ifs.c b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/ifs/ifs.c index 69a46dd3879..3d15905d82d 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/ifs/ifs.c +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/ifs/ifs.c @@ -86,13 +86,13 @@ int main(int argc, char **argv) { i3 = argv[1]; printf(i3); - // BAD [FALSE NEGATIVE]: varOne is 1 so condition is true and it always goes inside the if + // BAD: varOne is 1 so condition is true and it always goes inside the if char *i4; if (varOne) i4 = argv[1]; printf(i4); - // BAD [FALSE NEGATIVE]: varZero is 0 so condition is true and it always goes inside the if + // BAD: varZero is 0 so condition is true and it always goes inside the if char *i5; if (!varZero) i5 = argv[1]; diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/ifs/ifs.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/ifs/ifs.expected index 2805eed6ad0..08c78246a8a 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/ifs/ifs.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/ifs/ifs.expected @@ -39,6 +39,22 @@ edges | ifs.c:86:8:86:11 | argv | ifs.c:87:9:87:10 | i3 | | ifs.c:86:8:86:11 | argv | ifs.c:87:9:87:10 | i3 indirection | | ifs.c:86:8:86:11 | argv | ifs.c:87:9:87:10 | i3 indirection | +| ifs.c:92:8:92:11 | argv | ifs.c:93:9:93:10 | (const char *)... | +| ifs.c:92:8:92:11 | argv | ifs.c:93:9:93:10 | (const char *)... | +| ifs.c:92:8:92:11 | argv | ifs.c:93:9:93:10 | i4 | +| ifs.c:92:8:92:11 | argv | ifs.c:93:9:93:10 | i4 | +| ifs.c:92:8:92:11 | argv | ifs.c:93:9:93:10 | i4 | +| ifs.c:92:8:92:11 | argv | ifs.c:93:9:93:10 | i4 | +| ifs.c:92:8:92:11 | argv | ifs.c:93:9:93:10 | i4 indirection | +| ifs.c:92:8:92:11 | argv | ifs.c:93:9:93:10 | i4 indirection | +| ifs.c:98:8:98:11 | argv | ifs.c:99:9:99:10 | (const char *)... | +| ifs.c:98:8:98:11 | argv | ifs.c:99:9:99:10 | (const char *)... | +| ifs.c:98:8:98:11 | argv | ifs.c:99:9:99:10 | i5 | +| ifs.c:98:8:98:11 | argv | ifs.c:99:9:99:10 | i5 | +| ifs.c:98:8:98:11 | argv | ifs.c:99:9:99:10 | i5 | +| ifs.c:98:8:98:11 | argv | ifs.c:99:9:99:10 | i5 | +| ifs.c:98:8:98:11 | argv | ifs.c:99:9:99:10 | i5 indirection | +| ifs.c:98:8:98:11 | argv | ifs.c:99:9:99:10 | i5 indirection | | ifs.c:105:8:105:11 | argv | ifs.c:106:9:106:10 | (const char *)... | | ifs.c:105:8:105:11 | argv | ifs.c:106:9:106:10 | (const char *)... | | ifs.c:105:8:105:11 | argv | ifs.c:106:9:106:10 | i6 | @@ -118,6 +134,24 @@ nodes | ifs.c:87:9:87:10 | i3 | semmle.label | i3 | | ifs.c:87:9:87:10 | i3 indirection | semmle.label | i3 indirection | | ifs.c:87:9:87:10 | i3 indirection | semmle.label | i3 indirection | +| ifs.c:92:8:92:11 | argv | semmle.label | argv | +| ifs.c:92:8:92:11 | argv | semmle.label | argv | +| ifs.c:93:9:93:10 | (const char *)... | semmle.label | (const char *)... | +| ifs.c:93:9:93:10 | (const char *)... | semmle.label | (const char *)... | +| ifs.c:93:9:93:10 | i4 | semmle.label | i4 | +| ifs.c:93:9:93:10 | i4 | semmle.label | i4 | +| ifs.c:93:9:93:10 | i4 | semmle.label | i4 | +| ifs.c:93:9:93:10 | i4 indirection | semmle.label | i4 indirection | +| ifs.c:93:9:93:10 | i4 indirection | semmle.label | i4 indirection | +| ifs.c:98:8:98:11 | argv | semmle.label | argv | +| ifs.c:98:8:98:11 | argv | semmle.label | argv | +| ifs.c:99:9:99:10 | (const char *)... | semmle.label | (const char *)... | +| ifs.c:99:9:99:10 | (const char *)... | semmle.label | (const char *)... | +| ifs.c:99:9:99:10 | i5 | semmle.label | i5 | +| ifs.c:99:9:99:10 | i5 | semmle.label | i5 | +| ifs.c:99:9:99:10 | i5 | semmle.label | i5 | +| ifs.c:99:9:99:10 | i5 indirection | semmle.label | i5 indirection | +| ifs.c:99:9:99:10 | i5 indirection | semmle.label | i5 indirection | | ifs.c:105:8:105:11 | argv | semmle.label | argv | | ifs.c:105:8:105:11 | argv | semmle.label | argv | | ifs.c:106:9:106:10 | (const char *)... | semmle.label | (const char *)... | @@ -160,6 +194,8 @@ nodes | ifs.c:75:9:75:10 | i1 | ifs.c:74:8:74:11 | argv | ifs.c:75:9:75:10 | i1 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format) | ifs.c:74:8:74:11 | argv | argv | | ifs.c:81:9:81:10 | i2 | ifs.c:80:8:80:11 | argv | ifs.c:81:9:81:10 | i2 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format) | ifs.c:80:8:80:11 | argv | argv | | ifs.c:87:9:87:10 | i3 | ifs.c:86:8:86:11 | argv | ifs.c:87:9:87:10 | i3 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format) | ifs.c:86:8:86:11 | argv | argv | +| ifs.c:93:9:93:10 | i4 | ifs.c:92:8:92:11 | argv | ifs.c:93:9:93:10 | i4 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format) | ifs.c:92:8:92:11 | argv | argv | +| ifs.c:99:9:99:10 | i5 | ifs.c:98:8:98:11 | argv | ifs.c:99:9:99:10 | i5 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format) | ifs.c:98:8:98:11 | argv | argv | | ifs.c:106:9:106:10 | i6 | ifs.c:105:8:105:11 | argv | ifs.c:106:9:106:10 | i6 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format) | ifs.c:105:8:105:11 | argv | argv | | ifs.c:112:9:112:10 | i7 | ifs.c:111:8:111:11 | argv | ifs.c:112:9:112:10 | i7 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format) | ifs.c:111:8:111:11 | argv | argv | | ifs.c:118:9:118:10 | i8 | ifs.c:117:8:117:11 | argv | ifs.c:118:9:118:10 | i8 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format) | ifs.c:117:8:117:11 | argv | argv | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/ArithmeticUncontrolled.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/ArithmeticUncontrolled.expected index 8f7f3aa2efa..9499152ed39 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/ArithmeticUncontrolled.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/ArithmeticUncontrolled.expected @@ -6,25 +6,24 @@ edges | test.c:75:13:75:19 | call to rand | test.c:77:9:77:9 | r | | test.c:81:14:81:17 | call to rand | test.c:83:9:83:9 | r | | test.c:81:23:81:26 | call to rand | test.c:83:9:83:9 | r | -| test.c:99:14:99:19 | call to rand | test.c:100:5:100:5 | r | | test.c:125:13:125:16 | call to rand | test.c:127:9:127:9 | r | | test.c:131:13:131:16 | call to rand | test.c:133:5:133:5 | r | | test.c:137:13:137:16 | call to rand | test.c:139:10:139:10 | r | | test.c:155:22:155:25 | call to rand | test.c:157:9:157:9 | r | | test.c:155:22:155:27 | (unsigned int)... | test.c:157:9:157:9 | r | -| test.cpp:8:9:8:12 | Store | test.cpp:24:11:24:18 | call to get_rand | -| test.cpp:8:9:8:12 | call to rand | test.cpp:8:9:8:12 | Store | -| test.cpp:13:2:13:15 | Chi [[]] | test.cpp:30:13:30:14 | get_rand2 output argument [[]] | -| test.cpp:13:10:13:13 | call to rand | test.cpp:13:2:13:15 | Chi [[]] | -| test.cpp:18:2:18:14 | Chi [[]] | test.cpp:36:13:36:13 | get_rand3 output argument [[]] | -| test.cpp:18:9:18:12 | call to rand | test.cpp:18:2:18:14 | Chi [[]] | +| test.cpp:6:5:6:12 | ReturnValue | test.cpp:24:11:24:18 | call to get_rand | +| test.cpp:8:9:8:12 | call to rand | test.cpp:6:5:6:12 | ReturnValue | +| test.cpp:13:2:13:6 | * ... [post update] | test.cpp:30:3:30:11 | & ... [post update] | +| test.cpp:13:3:13:6 | dest [post update] | test.cpp:30:3:30:11 | & ... [post update] | +| test.cpp:13:10:13:13 | call to rand | test.cpp:13:2:13:6 | * ... [post update] | +| test.cpp:13:10:13:13 | call to rand | test.cpp:13:3:13:6 | dest [post update] | +| test.cpp:18:2:18:5 | (reference dereference) [post update] | test.cpp:36:3:36:11 | r [post update] | +| test.cpp:18:2:18:5 | dest [post update] | test.cpp:36:3:36:11 | r [post update] | +| test.cpp:18:9:18:12 | call to rand | test.cpp:18:2:18:5 | (reference dereference) [post update] | +| test.cpp:18:9:18:12 | call to rand | test.cpp:18:2:18:5 | dest [post update] | | test.cpp:24:11:24:18 | call to get_rand | test.cpp:25:7:25:7 | r | -| test.cpp:30:13:30:14 | Chi | test.cpp:31:7:31:7 | r | -| test.cpp:30:13:30:14 | get_rand2 output argument [[]] | test.cpp:30:13:30:14 | Chi | -| test.cpp:36:13:36:13 | Chi | test.cpp:37:7:37:7 | r | -| test.cpp:36:13:36:13 | get_rand3 output argument [[]] | test.cpp:36:13:36:13 | Chi | -| test.cpp:62:19:62:22 | call to rand | test.cpp:65:9:65:9 | x | -| test.cpp:62:19:62:24 | (unsigned int)... | test.cpp:65:9:65:9 | x | +| test.cpp:30:3:30:11 | & ... [post update] | test.cpp:31:7:31:7 | r | +| test.cpp:36:3:36:11 | r [post update] | test.cpp:37:7:37:7 | r | | test.cpp:86:10:86:13 | call to rand | test.cpp:90:10:90:10 | x | | test.cpp:98:10:98:13 | call to rand | test.cpp:102:10:102:10 | x | | test.cpp:137:10:137:13 | call to rand | test.cpp:146:9:146:9 | y | @@ -53,8 +52,6 @@ nodes | test.c:81:14:81:17 | call to rand | semmle.label | call to rand | | test.c:81:23:81:26 | call to rand | semmle.label | call to rand | | test.c:83:9:83:9 | r | semmle.label | r | -| test.c:99:14:99:19 | call to rand | semmle.label | call to rand | -| test.c:100:5:100:5 | r | semmle.label | r | | test.c:125:13:125:16 | call to rand | semmle.label | call to rand | | test.c:127:9:127:9 | r | semmle.label | r | | test.c:131:13:131:16 | call to rand | semmle.label | call to rand | @@ -64,23 +61,20 @@ nodes | test.c:155:22:155:25 | call to rand | semmle.label | call to rand | | test.c:155:22:155:27 | (unsigned int)... | semmle.label | (unsigned int)... | | test.c:157:9:157:9 | r | semmle.label | r | -| test.cpp:8:9:8:12 | Store | semmle.label | Store | +| test.cpp:6:5:6:12 | ReturnValue | semmle.label | ReturnValue | | test.cpp:8:9:8:12 | call to rand | semmle.label | call to rand | -| test.cpp:13:2:13:15 | Chi [[]] | semmle.label | Chi [[]] | +| test.cpp:13:2:13:6 | * ... [post update] | semmle.label | * ... [post update] | +| test.cpp:13:3:13:6 | dest [post update] | semmle.label | dest [post update] | | test.cpp:13:10:13:13 | call to rand | semmle.label | call to rand | -| test.cpp:18:2:18:14 | Chi [[]] | semmle.label | Chi [[]] | +| test.cpp:18:2:18:5 | (reference dereference) [post update] | semmle.label | (reference dereference) [post update] | +| test.cpp:18:2:18:5 | dest [post update] | semmle.label | dest [post update] | | test.cpp:18:9:18:12 | call to rand | semmle.label | call to rand | | test.cpp:24:11:24:18 | call to get_rand | semmle.label | call to get_rand | | test.cpp:25:7:25:7 | r | semmle.label | r | -| test.cpp:30:13:30:14 | Chi | semmle.label | Chi | -| test.cpp:30:13:30:14 | get_rand2 output argument [[]] | semmle.label | get_rand2 output argument [[]] | +| test.cpp:30:3:30:11 | & ... [post update] | semmle.label | & ... [post update] | | test.cpp:31:7:31:7 | r | semmle.label | r | -| test.cpp:36:13:36:13 | Chi | semmle.label | Chi | -| test.cpp:36:13:36:13 | get_rand3 output argument [[]] | semmle.label | get_rand3 output argument [[]] | +| test.cpp:36:3:36:11 | r [post update] | semmle.label | r [post update] | | test.cpp:37:7:37:7 | r | semmle.label | r | -| test.cpp:62:19:62:22 | call to rand | semmle.label | call to rand | -| test.cpp:62:19:62:24 | (unsigned int)... | semmle.label | (unsigned int)... | -| test.cpp:65:9:65:9 | x | semmle.label | x | | test.cpp:86:10:86:13 | call to rand | semmle.label | call to rand | | test.cpp:90:10:90:10 | x | semmle.label | x | | test.cpp:98:10:98:13 | call to rand | semmle.label | call to rand | @@ -114,7 +108,6 @@ subpaths | test.c:77:9:77:9 | r | test.c:75:13:75:19 | call to rand | test.c:77:9:77:9 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:75:13:75:19 | call to rand | Uncontrolled value | | test.c:83:9:83:9 | r | test.c:81:14:81:17 | call to rand | test.c:83:9:83:9 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:81:14:81:17 | call to rand | Uncontrolled value | | test.c:83:9:83:9 | r | test.c:81:23:81:26 | call to rand | test.c:83:9:83:9 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:81:23:81:26 | call to rand | Uncontrolled value | -| test.c:100:5:100:5 | r | test.c:99:14:99:19 | call to rand | test.c:100:5:100:5 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:99:14:99:19 | call to rand | Uncontrolled value | | test.c:127:9:127:9 | r | test.c:125:13:125:16 | call to rand | test.c:127:9:127:9 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:125:13:125:16 | call to rand | Uncontrolled value | | test.c:133:5:133:5 | r | test.c:131:13:131:16 | call to rand | test.c:133:5:133:5 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:131:13:131:16 | call to rand | Uncontrolled value | | test.c:139:10:139:10 | r | test.c:137:13:137:16 | call to rand | test.c:139:10:139:10 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:137:13:137:16 | call to rand | Uncontrolled value | @@ -123,8 +116,6 @@ subpaths | test.cpp:25:7:25:7 | r | test.cpp:8:9:8:12 | call to rand | test.cpp:25:7:25:7 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.cpp:8:9:8:12 | call to rand | Uncontrolled value | | test.cpp:31:7:31:7 | r | test.cpp:13:10:13:13 | call to rand | test.cpp:31:7:31:7 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.cpp:13:10:13:13 | call to rand | Uncontrolled value | | test.cpp:37:7:37:7 | r | test.cpp:18:9:18:12 | call to rand | test.cpp:37:7:37:7 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.cpp:18:9:18:12 | call to rand | Uncontrolled value | -| test.cpp:65:9:65:9 | x | test.cpp:62:19:62:22 | call to rand | test.cpp:65:9:65:9 | x | $@ flows to here and is used in arithmetic, potentially causing an underflow. | test.cpp:62:19:62:22 | call to rand | Uncontrolled value | -| test.cpp:65:9:65:9 | x | test.cpp:62:19:62:24 | (unsigned int)... | test.cpp:65:9:65:9 | x | $@ flows to here and is used in arithmetic, potentially causing an underflow. | test.cpp:62:19:62:22 | call to rand | Uncontrolled value | | test.cpp:90:10:90:10 | x | test.cpp:86:10:86:13 | call to rand | test.cpp:90:10:90:10 | x | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.cpp:86:10:86:13 | call to rand | Uncontrolled value | | test.cpp:102:10:102:10 | x | test.cpp:98:10:98:13 | call to rand | test.cpp:102:10:102:10 | x | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.cpp:98:10:98:13 | call to rand | Uncontrolled value | | test.cpp:146:9:146:9 | y | test.cpp:137:10:137:13 | call to rand | test.cpp:146:9:146:9 | y | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.cpp:137:10:137:13 | call to rand | Uncontrolled value | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/test.c b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/test.c index 9b308ebb937..eaec2a38e2e 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/test.c +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/test.c @@ -97,7 +97,7 @@ void randomTester() { int r = 0; int *ptr_r = &r; *ptr_r = RAND(); - r += 100; // BAD + r += 100; // BAD [NOT DETECTED] } { diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/test.cpp index c64e4665eca..7904037b797 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/test.cpp +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/test.cpp @@ -62,7 +62,7 @@ unsigned int test_remainder_subtract_unsigned() unsigned int x = rand(); unsigned int y = x % 100; // y <= x - return x - y; // GOOD (as y <= x) [FALSE POSITIVE] + return x - y; // GOOD (as y <= x) } typedef unsigned long size_t; diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected index 7fe8651f89a..8c6fca273a7 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected @@ -39,10 +39,10 @@ edges | test.cpp:148:20:148:25 | call to getenv | test.cpp:152:11:152:28 | ... * ... | | test.cpp:148:20:148:33 | (const char *)... | test.cpp:152:11:152:28 | ... * ... | | test.cpp:148:20:148:33 | (const char *)... | test.cpp:152:11:152:28 | ... * ... | -| test.cpp:211:9:211:42 | Store | test.cpp:241:9:241:24 | call to get_tainted_size | -| test.cpp:211:9:211:42 | Store | test.cpp:241:9:241:24 | call to get_tainted_size | -| test.cpp:211:14:211:19 | call to getenv | test.cpp:211:9:211:42 | Store | -| test.cpp:211:14:211:27 | (const char *)... | test.cpp:211:9:211:42 | Store | +| test.cpp:209:8:209:23 | ReturnValue | test.cpp:241:9:241:24 | call to get_tainted_size | +| test.cpp:209:8:209:23 | ReturnValue | test.cpp:241:9:241:24 | call to get_tainted_size | +| test.cpp:211:14:211:19 | call to getenv | test.cpp:209:8:209:23 | ReturnValue | +| test.cpp:211:14:211:27 | (const char *)... | test.cpp:209:8:209:23 | ReturnValue | | test.cpp:224:23:224:23 | s | test.cpp:225:21:225:21 | s | | test.cpp:224:23:224:23 | s | test.cpp:225:21:225:21 | s | | test.cpp:230:21:230:21 | s | test.cpp:231:21:231:21 | s | @@ -59,20 +59,22 @@ edges | test.cpp:237:24:237:37 | (const char *)... | test.cpp:247:2:247:8 | local_size | | test.cpp:245:2:245:9 | local_size | test.cpp:224:23:224:23 | s | | test.cpp:247:2:247:8 | local_size | test.cpp:230:21:230:21 | s | -| test.cpp:251:2:251:32 | Chi [[]] | test.cpp:289:17:289:20 | get_size output argument [[]] | -| test.cpp:251:2:251:32 | Chi [[]] | test.cpp:305:18:305:21 | get_size output argument [[]] | -| test.cpp:251:18:251:23 | call to getenv | test.cpp:251:2:251:32 | Chi [[]] | -| test.cpp:251:18:251:31 | (const char *)... | test.cpp:251:2:251:32 | Chi [[]] | +| test.cpp:251:2:251:9 | (reference dereference) [post update] | test.cpp:289:8:289:15 | size [post update] | +| test.cpp:251:2:251:9 | (reference dereference) [post update] | test.cpp:305:9:305:16 | size [post update] | +| test.cpp:251:2:251:9 | out_size [post update] | test.cpp:289:8:289:15 | size [post update] | +| test.cpp:251:2:251:9 | out_size [post update] | test.cpp:305:9:305:16 | size [post update] | +| test.cpp:251:18:251:23 | call to getenv | test.cpp:251:2:251:9 | (reference dereference) [post update] | +| test.cpp:251:18:251:23 | call to getenv | test.cpp:251:2:251:9 | out_size [post update] | +| test.cpp:251:18:251:31 | (const char *)... | test.cpp:251:2:251:9 | (reference dereference) [post update] | +| test.cpp:251:18:251:31 | (const char *)... | test.cpp:251:2:251:9 | out_size [post update] | | test.cpp:259:20:259:25 | call to getenv | test.cpp:263:11:263:29 | ... * ... | | test.cpp:259:20:259:25 | call to getenv | test.cpp:263:11:263:29 | ... * ... | | test.cpp:259:20:259:33 | (const char *)... | test.cpp:263:11:263:29 | ... * ... | | test.cpp:259:20:259:33 | (const char *)... | test.cpp:263:11:263:29 | ... * ... | -| test.cpp:289:17:289:20 | Chi | test.cpp:291:11:291:28 | ... * ... | -| test.cpp:289:17:289:20 | Chi | test.cpp:291:11:291:28 | ... * ... | -| test.cpp:289:17:289:20 | get_size output argument [[]] | test.cpp:289:17:289:20 | Chi | -| test.cpp:305:18:305:21 | Chi | test.cpp:308:10:308:27 | ... * ... | -| test.cpp:305:18:305:21 | Chi | test.cpp:308:10:308:27 | ... * ... | -| test.cpp:305:18:305:21 | get_size output argument [[]] | test.cpp:305:18:305:21 | Chi | +| test.cpp:289:8:289:15 | size [post update] | test.cpp:291:11:291:28 | ... * ... | +| test.cpp:289:8:289:15 | size [post update] | test.cpp:291:11:291:28 | ... * ... | +| test.cpp:305:9:305:16 | size [post update] | test.cpp:308:10:308:27 | ... * ... | +| test.cpp:305:9:305:16 | size [post update] | test.cpp:308:10:308:27 | ... * ... | subpaths nodes | test.cpp:40:21:40:24 | argv | semmle.label | argv | @@ -114,7 +116,7 @@ nodes | test.cpp:152:11:152:28 | ... * ... | semmle.label | ... * ... | | test.cpp:152:11:152:28 | ... * ... | semmle.label | ... * ... | | test.cpp:152:11:152:28 | ... * ... | semmle.label | ... * ... | -| test.cpp:211:9:211:42 | Store | semmle.label | Store | +| test.cpp:209:8:209:23 | ReturnValue | semmle.label | ReturnValue | | test.cpp:211:14:211:19 | call to getenv | semmle.label | call to getenv | | test.cpp:211:14:211:27 | (const char *)... | semmle.label | (const char *)... | | test.cpp:224:23:224:23 | s | semmle.label | s | @@ -137,8 +139,8 @@ nodes | test.cpp:241:9:241:24 | call to get_tainted_size | semmle.label | call to get_tainted_size | | test.cpp:245:2:245:9 | local_size | semmle.label | local_size | | test.cpp:247:2:247:8 | local_size | semmle.label | local_size | -| test.cpp:251:2:251:32 | Chi [[]] | semmle.label | Chi [[]] | -| test.cpp:251:2:251:32 | ChiPartial | semmle.label | ChiPartial | +| test.cpp:251:2:251:9 | (reference dereference) [post update] | semmle.label | (reference dereference) [post update] | +| test.cpp:251:2:251:9 | out_size [post update] | semmle.label | out_size [post update] | | test.cpp:251:18:251:23 | call to getenv | semmle.label | call to getenv | | test.cpp:251:18:251:31 | (const char *)... | semmle.label | (const char *)... | | test.cpp:259:20:259:25 | call to getenv | semmle.label | call to getenv | @@ -146,13 +148,11 @@ nodes | test.cpp:263:11:263:29 | ... * ... | semmle.label | ... * ... | | test.cpp:263:11:263:29 | ... * ... | semmle.label | ... * ... | | test.cpp:263:11:263:29 | ... * ... | semmle.label | ... * ... | -| test.cpp:289:17:289:20 | Chi | semmle.label | Chi | -| test.cpp:289:17:289:20 | get_size output argument [[]] | semmle.label | get_size output argument [[]] | +| test.cpp:289:8:289:15 | size [post update] | semmle.label | size [post update] | | test.cpp:291:11:291:28 | ... * ... | semmle.label | ... * ... | | test.cpp:291:11:291:28 | ... * ... | semmle.label | ... * ... | | test.cpp:291:11:291:28 | ... * ... | semmle.label | ... * ... | -| test.cpp:305:18:305:21 | Chi | semmle.label | Chi | -| test.cpp:305:18:305:21 | get_size output argument [[]] | semmle.label | get_size output argument [[]] | +| test.cpp:305:9:305:16 | size [post update] | semmle.label | size [post update] | | test.cpp:308:10:308:27 | ... * ... | semmle.label | ... * ... | | test.cpp:308:10:308:27 | ... * ... | semmle.label | ... * ... | | test.cpp:308:10:308:27 | ... * ... | semmle.label | ... * ... | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/ArithmeticTainted.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/ArithmeticTainted.expected index e0f72bffd44..383b45a0812 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/ArithmeticTainted.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/ArithmeticTainted.expected @@ -4,11 +4,11 @@ edges | test2.cpp:25:22:25:23 | & ... | test2.cpp:27:2:27:11 | v | | test2.cpp:25:22:25:23 | fscanf output argument | test2.cpp:27:2:27:11 | v | | test2.cpp:27:2:27:11 | v | test2.cpp:12:21:12:21 | v | -| test5.cpp:9:7:9:9 | buf | test5.cpp:10:9:10:27 | Store | -| test5.cpp:9:7:9:9 | gets output argument | test5.cpp:10:9:10:27 | Store | -| test5.cpp:10:9:10:27 | Store | test5.cpp:17:6:17:18 | call to getTaintedInt | -| test5.cpp:10:9:10:27 | Store | test5.cpp:17:6:17:18 | call to getTaintedInt | -| test5.cpp:10:9:10:27 | Store | test5.cpp:18:6:18:18 | call to getTaintedInt | +| test5.cpp:5:5:5:17 | ReturnValue | test5.cpp:17:6:17:18 | call to getTaintedInt | +| test5.cpp:5:5:5:17 | ReturnValue | test5.cpp:17:6:17:18 | call to getTaintedInt | +| test5.cpp:5:5:5:17 | ReturnValue | test5.cpp:18:6:18:18 | call to getTaintedInt | +| test5.cpp:9:7:9:9 | buf | test5.cpp:5:5:5:17 | ReturnValue | +| test5.cpp:9:7:9:9 | gets output argument | test5.cpp:5:5:5:17 | ReturnValue | | test5.cpp:18:6:18:18 | call to getTaintedInt | test5.cpp:19:6:19:6 | y | | test5.cpp:18:6:18:18 | call to getTaintedInt | test5.cpp:19:6:19:6 | y | | test.c:11:29:11:32 | argv | test.c:14:15:14:28 | maxConnections | @@ -32,9 +32,9 @@ nodes | test2.cpp:25:22:25:23 | & ... | semmle.label | & ... | | test2.cpp:25:22:25:23 | fscanf output argument | semmle.label | fscanf output argument | | test2.cpp:27:2:27:11 | v | semmle.label | v | +| test5.cpp:5:5:5:17 | ReturnValue | semmle.label | ReturnValue | | test5.cpp:9:7:9:9 | buf | semmle.label | buf | | test5.cpp:9:7:9:9 | gets output argument | semmle.label | gets output argument | -| test5.cpp:10:9:10:27 | Store | semmle.label | Store | | test5.cpp:17:6:17:18 | call to getTaintedInt | semmle.label | call to getTaintedInt | | test5.cpp:17:6:17:18 | call to getTaintedInt | semmle.label | call to getTaintedInt | | test5.cpp:17:6:17:18 | call to getTaintedInt | semmle.label | call to getTaintedInt | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-807/semmle/TaintedCondition/TaintedCondition.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-807/semmle/TaintedCondition/TaintedCondition.expected index 1fdb1497922..bf06935046b 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-807/semmle/TaintedCondition/TaintedCondition.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-807/semmle/TaintedCondition/TaintedCondition.expected @@ -1,12 +1,8 @@ edges | test.cpp:20:29:20:34 | call to getenv | test.cpp:24:10:24:35 | ! ... | | test.cpp:20:29:20:34 | call to getenv | test.cpp:24:11:24:16 | call to strcmp | -| test.cpp:20:29:20:34 | call to getenv | test.cpp:41:10:41:38 | ! ... | -| test.cpp:20:29:20:34 | call to getenv | test.cpp:41:11:41:16 | call to strcmp | | test.cpp:20:29:20:47 | (const char *)... | test.cpp:24:10:24:35 | ! ... | | test.cpp:20:29:20:47 | (const char *)... | test.cpp:24:11:24:16 | call to strcmp | -| test.cpp:20:29:20:47 | (const char *)... | test.cpp:41:10:41:38 | ! ... | -| test.cpp:20:29:20:47 | (const char *)... | test.cpp:41:11:41:16 | call to strcmp | subpaths nodes | test.cpp:20:29:20:34 | call to getenv | semmle.label | call to getenv | @@ -14,9 +10,5 @@ nodes | test.cpp:24:10:24:35 | ! ... | semmle.label | ! ... | | test.cpp:24:11:24:16 | call to strcmp | semmle.label | call to strcmp | | test.cpp:24:11:24:16 | call to strcmp | semmle.label | call to strcmp | -| test.cpp:41:10:41:38 | ! ... | semmle.label | ! ... | -| test.cpp:41:11:41:16 | call to strcmp | semmle.label | call to strcmp | -| test.cpp:41:11:41:16 | call to strcmp | semmle.label | call to strcmp | #select | test.cpp:24:10:24:35 | ! ... | test.cpp:20:29:20:34 | call to getenv | test.cpp:24:10:24:35 | ! ... | Reliance on untrusted input $@ to raise privilege at $@ | test.cpp:20:29:20:34 | call to getenv | call to getenv | test.cpp:25:9:25:27 | ... = ... | ... = ... | -| test.cpp:41:10:41:38 | ! ... | test.cpp:20:29:20:34 | call to getenv | test.cpp:41:10:41:38 | ! ... | Reliance on untrusted input $@ to raise privilege at $@ | test.cpp:20:29:20:34 | call to getenv | call to getenv | test.cpp:42:8:42:26 | ... = ... | ... = ... | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-807/semmle/TaintedCondition/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-807/semmle/TaintedCondition/test.cpp index 0430d861095..641cbaa7be7 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-807/semmle/TaintedCondition/test.cpp +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-807/semmle/TaintedCondition/test.cpp @@ -35,7 +35,7 @@ void processRequest() adminPrivileges = 0; // OK, since it's a 0 and not a 1 } - // BAD (requires pointer analysis to catch) + // BAD (requires pointer analysis to catch) [NOT DETECTED] const char** userp = ¤tUser; *userp = userName; if (!strcmp(currentUser, "admin")) { From 71972161852340fc25bc9b7182de2ce824f64f73 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 26 Oct 2021 13:12:07 +0100 Subject: [PATCH 16/70] Add a copy of SsaImplCommon to the identical-files script. --- config/identical-files.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/identical-files.json b/config/identical-files.json index a60bd919028..a04fc77841d 100644 --- a/config/identical-files.json +++ b/config/identical-files.json @@ -449,7 +449,8 @@ "csharp/ql/lib/semmle/code/csharp/controlflow/internal/pressa/SsaImplCommon.qll", "csharp/ql/lib/semmle/code/csharp/dataflow/internal/basessa/SsaImplCommon.qll", "csharp/ql/lib/semmle/code/cil/internal/SsaImplCommon.qll", - "ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImplCommon.qll" + "ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImplCommon.qll", + "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll" ], "CryptoAlgorithms Python/JS": [ "javascript/ql/lib/semmle/javascript/security/CryptoAlgorithms.qll", From 12e0185b0dd8d7b1f0a7523a0b1374bdb577b3e2 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 26 Oct 2021 13:12:25 +0100 Subject: [PATCH 17/70] C++: Sync identical files. --- .../lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll | 1 + 1 file changed, 1 insertion(+) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll index 884f4406d01..395cb5cb171 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll @@ -156,6 +156,7 @@ private predicate dominatesPredecessor(BasicBlock bb1, BasicBlock bb2) { } /** Holds if `df` is in the dominance frontier of `bb`. */ +pragma[noinline] private predicate inDominanceFrontier(BasicBlock bb, BasicBlock df) { dominatesPredecessor(bb, df) and not strictlyDominates(bb, df) From 387c96d1e2d48e4dbcc2cdf049994940802fb68c Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 28 Oct 2021 14:00:50 +0100 Subject: [PATCH 18/70] Rename 'SourceVariable.getVariable' to 'SourceVariable.getIRVariable' and replace 'Def.getVariable' to 'Def.getSourceVariable'. --- .../code/cpp/ir/dataflow/internal/Ssa.qll | 22 +++++++++---------- .../ir/dataflow/internal/SsaImplSpecific.qll | 10 ++++----- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll index 11705a43774..00c28b35899 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll @@ -73,7 +73,7 @@ abstract class Def extends DefOrUse { Instruction getInstruction() { result = store } /** Gets the variable that is defined by this definition. */ - abstract SourceVariable getVariable(); + abstract SourceVariable getSourceVariable(); /** Holds if this definition is guaranteed to happen. */ abstract predicate isCertain(); @@ -94,10 +94,10 @@ abstract class Def extends DefOrUse { private class ExplicitDef extends Def, TExplicitDef { ExplicitDef() { this = TExplicitDef(store) } - override SourceVariable getVariable() { + override SourceVariable getSourceVariable() { exists(VariableInstruction var | explicitWrite(_, this.getInstruction(), var) and - result.getVariable() = var.getIRVariable() and + result.getIRVariable() = var.getIRVariable() and not result.isIndirection() ) } @@ -108,11 +108,11 @@ private class ExplicitDef extends Def, TExplicitDef { private class ParameterDef extends Def, TInitializeParam { ParameterDef() { this = TInitializeParam(store) } - override SourceVariable getVariable() { - result.getVariable() = store.(InitializeParameterInstruction).getIRVariable() and + override SourceVariable getSourceVariable() { + result.getIRVariable() = store.(InitializeParameterInstruction).getIRVariable() and not result.isIndirection() or - result.getVariable() = store.(InitializeIndirectionInstruction).getIRVariable() and + result.getIRVariable() = store.(InitializeIndirectionInstruction).getIRVariable() and result.isIndirection() } @@ -130,7 +130,7 @@ abstract class Use extends DefOrUse { override string toString() { result = "Use" } /** Gets the variable that is used by this use. */ - abstract SourceVariable getVariable(); + abstract SourceVariable getSourceVariable(); override IRBlock getBlock() { result = use.getUse().getBlock() } @@ -144,10 +144,10 @@ abstract class Use extends DefOrUse { private class ExplicitUse extends Use, TExplicitUse { ExplicitUse() { this = TExplicitUse(use) } - override SourceVariable getVariable() { + override SourceVariable getSourceVariable() { exists(VariableInstruction var | use.getDef() = var and - result.getVariable() = var.getIRVariable() and + result.getIRVariable() = var.getIRVariable() and ( if use.getUse() instanceof ReadSideEffectInstruction then result.isIndirection() @@ -160,10 +160,10 @@ private class ExplicitUse extends Use, TExplicitUse { private class ReturnParameterIndirection extends Use, TReturnParamIndirection { ReturnParameterIndirection() { this = TReturnParamIndirection(use) } - override SourceVariable getVariable() { + override SourceVariable getSourceVariable() { exists(ReturnIndirectionInstruction ret | returnParameterIndirection(use, ret) and - result.getVariable() = ret.getIRVariable() and + result.getIRVariable() = ret.getIRVariable() and result.isIndirection() ) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplSpecific.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplSpecific.qll index 196d32205ad..211fc2514b3 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplSpecific.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplSpecific.qll @@ -21,7 +21,7 @@ private newtype TSourceVariable = abstract class SourceVariable extends TSourceVariable { IRVariable var; - IRVariable getVariable() { result = var } + IRVariable getIRVariable() { result = var } abstract string toString(); @@ -31,7 +31,7 @@ abstract class SourceVariable extends TSourceVariable { class SourceIRVariable extends SourceVariable, TSourceIRVariable { SourceIRVariable() { this = TSourceIRVariable(var) } - override string toString() { result = this.getVariable().toString() } + override string toString() { result = this.getIRVariable().toString() } } class SourceIRVariableIndirection extends SourceVariable, TSourceIRVariableIndirection { @@ -41,7 +41,7 @@ class SourceIRVariableIndirection extends SourceVariable, TSourceIRVariableIndir this = TSourceIRVariableIndirection(init) and var = init.getIRVariable() } - override string toString() { result = "*" + this.getVariable().toString() } + override string toString() { result = "*" + this.getIRVariable().toString() } override predicate isIndirection() { any() } } @@ -50,7 +50,7 @@ predicate variableWrite(BasicBlock bb, int i, SourceVariable v, boolean certain) DataFlowImplCommon::forceCachingInSameStage() and exists(Ssa::Def def | def.hasRankInBlock(bb, i) and - v = def.getVariable() and + v = def.getSourceVariable() and (if def.isCertain() then certain = true else certain = false) ) } @@ -58,7 +58,7 @@ predicate variableWrite(BasicBlock bb, int i, SourceVariable v, boolean certain) predicate variableRead(BasicBlock bb, int i, SourceVariable v, boolean certain) { exists(Ssa::Use use | use.hasRankInBlock(bb, i) and - v = use.getVariable() and + v = use.getSourceVariable() and certain = true ) } From cde80ccf837d5e5a238f2f4d70f634df101e8c4a Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 28 Oct 2021 14:09:26 +0100 Subject: [PATCH 19/70] Replace 'hasLocationInfo' with 'getLocation'. --- .../code/cpp/ir/dataflow/internal/Ssa.qll | 24 ++++--------------- 1 file changed, 4 insertions(+), 20 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll index 00c28b35899..a970398bc0d 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll @@ -48,16 +48,8 @@ private class DefOrUse extends TDefOrUse { rnk = getRank(this, block) } - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. - * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). - */ - abstract predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ); + /** Gets the location of this element. */ + abstract Cpp::Location getLocation(); } private Instruction toInstruction(DefOrUse defOrUse) { @@ -84,11 +76,7 @@ abstract class Def extends DefOrUse { override IRBlock getBlock() { result = this.getInstruction().getBlock() } - override predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - store.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } + override Cpp::Location getLocation() { result = store.getLocation() } } private class ExplicitDef extends Def, TExplicitDef { @@ -134,11 +122,7 @@ abstract class Use extends DefOrUse { override IRBlock getBlock() { result = use.getUse().getBlock() } - override predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - use.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } + override Cpp::Location getLocation() { result = use.getLocation() } } private class ExplicitUse extends Use, TExplicitUse { From ee2541c3bcefb03f1081e4d95d7027baff07371a Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 28 Oct 2021 14:12:22 +0100 Subject: [PATCH 20/70] C++: Fix QLDoc on 'getDestinationAddress'. --- cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll index a970398bc0d..230f6b535fb 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll @@ -201,8 +201,7 @@ predicate addressFlowTC(Instruction iFrom, Instruction iTo) { /** * Gets the destination address of `instr` if it is a `StoreInstruction` or - * a `WriteSideEffectInstruction`. The destination address of a `WriteSideEffectInstruction` is adjusted - * in the case of calls to operator `new` to give the destination address of a subsequent store (if any). + * a `WriteSideEffectInstruction`. */ Instruction getDestinationAddress(Instruction instr) { result = From 675e284c0e26fcc4f0d16901265ed92e19563d6f Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 28 Oct 2021 14:52:57 +0100 Subject: [PATCH 21/70] C++: A 'LoadInstruction' in a store chain always sets 'certain = false'. --- cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll | 4 +++- .../dataflow/dataflow-tests/dataflow-ir-consistency.expected | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll index 230f6b535fb..62b0a6afeb5 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll @@ -275,7 +275,9 @@ predicate explicitWrite(boolean certain, Instruction instr, Instruction address) | if addressFlowTC(any(Instruction i | - i instanceof FieldAddressInstruction or i instanceof PointerArithmeticInstruction + i instanceof FieldAddressInstruction or + i instanceof PointerArithmeticInstruction or + i instanceof LoadInstruction ), store.getDestinationAddress()) then certain = false else certain = true diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected index a441de0d72a..f2498e224d7 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected @@ -181,7 +181,10 @@ postWithInFlow | dispatch.cpp:130:10:130:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | | dispatch.cpp:130:10:130:15 | topRef [post update] | PostUpdateNode should not be the target of local flow. | | dispatch.cpp:130:17:130:24 | topRef [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:148:3:148:3 | u [post update] | PostUpdateNode should not be the target of local flow. | | dispatch.cpp:148:5:148:5 | f [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:168:3:168:4 | u2 [post update] | PostUpdateNode should not be the target of local flow. | +| dispatch.cpp:168:6:168:6 | u [post update] | PostUpdateNode should not be the target of local flow. | | dispatch.cpp:168:8:168:8 | f [post update] | PostUpdateNode should not be the target of local flow. | | example.c:17:19:17:22 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | | example.c:17:19:17:22 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | From 05900cda874984bd225499d3da686bb65ca01311 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 28 Oct 2021 17:10:48 +0100 Subject: [PATCH 22/70] C++: Rename 'Ssa' to 'SsaInternals' and move definitions from 'SSaImplSpecific' to 'SsaInternals'. Now we can avoid cyclic imports. --- .../cpp/ir/dataflow/internal/DataFlowUtil.qll | 2 +- .../ir/dataflow/internal/SsaImplSpecific.qll | 56 ++-------------- .../internal/{Ssa.qll => SsaInternals.qll} | 64 ++++++++++++++++++- 3 files changed, 68 insertions(+), 54 deletions(-) rename cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/{Ssa.qll => SsaInternals.qll} (90%) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 3ebe81d4b4c..20c6792e787 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -11,7 +11,7 @@ private import semmle.code.cpp.ir.IR private import semmle.code.cpp.controlflow.IRGuards private import semmle.code.cpp.models.interfaces.DataFlow private import DataFlowPrivate -private import Ssa as Ssa +private import SsaInternals as Ssa cached private module Cached { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplSpecific.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplSpecific.qll index 211fc2514b3..20f9d1894b1 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplSpecific.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplSpecific.qll @@ -1,11 +1,10 @@ private import semmle.code.cpp.ir.IR -private import DataFlowUtil -private import DataFlowPrivate -private import DataFlowImplCommon as DataFlowImplCommon -private import Ssa as Ssa +private import SsaInternals as Ssa class BasicBlock = IRBlock; +class SourceVariable = Ssa::SourceVariable; + BasicBlock getImmediateBasicBlockDominator(BasicBlock bb) { result.immediatelyDominates(bb) } BasicBlock getABasicBlockSuccessor(BasicBlock bb) { result = bb.getASuccessor() } @@ -14,51 +13,6 @@ class ExitBasicBlock extends IRBlock { ExitBasicBlock() { this.getLastInstruction() instanceof ExitFunctionInstruction } } -private newtype TSourceVariable = - TSourceIRVariable(IRVariable var) or - TSourceIRVariableIndirection(InitializeIndirectionInstruction init) +predicate variableWrite = Ssa::variableWrite/4; -abstract class SourceVariable extends TSourceVariable { - IRVariable var; - - IRVariable getIRVariable() { result = var } - - abstract string toString(); - - predicate isIndirection() { none() } -} - -class SourceIRVariable extends SourceVariable, TSourceIRVariable { - SourceIRVariable() { this = TSourceIRVariable(var) } - - override string toString() { result = this.getIRVariable().toString() } -} - -class SourceIRVariableIndirection extends SourceVariable, TSourceIRVariableIndirection { - InitializeIndirectionInstruction init; - - SourceIRVariableIndirection() { - this = TSourceIRVariableIndirection(init) and var = init.getIRVariable() - } - - override string toString() { result = "*" + this.getIRVariable().toString() } - - override predicate isIndirection() { any() } -} - -predicate variableWrite(BasicBlock bb, int i, SourceVariable v, boolean certain) { - DataFlowImplCommon::forceCachingInSameStage() and - exists(Ssa::Def def | - def.hasRankInBlock(bb, i) and - v = def.getSourceVariable() and - (if def.isCertain() then certain = true else certain = false) - ) -} - -predicate variableRead(BasicBlock bb, int i, SourceVariable v, boolean certain) { - exists(Ssa::Use use | - use.hasRankInBlock(bb, i) and - v = use.getSourceVariable() and - certain = true - ) -} +predicate variableRead = Ssa::variableRead/4; diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll similarity index 90% rename from cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll rename to cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index 62b0a6afeb5..5844e192767 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -1,12 +1,47 @@ import SsaImplCommon -import SsaImplSpecific private import cpp as Cpp private import semmle.code.cpp.ir.IR private import DataFlowUtil -private import DataFlowPrivate +private import DataFlowImplCommon as DataFlowImplCommon private import semmle.code.cpp.models.interfaces.Allocation as Alloc private import semmle.code.cpp.models.interfaces.DataFlow as DataFlow +private module SourceVariables { + private newtype TSourceVariable = + TSourceIRVariable(IRVariable var) or + TSourceIRVariableIndirection(InitializeIndirectionInstruction init) + + abstract class SourceVariable extends TSourceVariable { + IRVariable var; + + IRVariable getIRVariable() { result = var } + + abstract string toString(); + + predicate isIndirection() { none() } + } + + private class SourceIRVariable extends SourceVariable, TSourceIRVariable { + SourceIRVariable() { this = TSourceIRVariable(var) } + + override string toString() { result = this.getIRVariable().toString() } + } + + private class SourceIRVariableIndirection extends SourceVariable, TSourceIRVariableIndirection { + InitializeIndirectionInstruction init; + + SourceIRVariableIndirection() { + this = TSourceIRVariableIndirection(init) and var = init.getIRVariable() + } + + override string toString() { result = "*" + this.getIRVariable().toString() } + + override predicate isIndirection() { any() } + } +} + +import SourceVariables + cached private newtype TDefOrUse = TExplicitDef(Instruction store) { explicitWrite(_, store, _) } or @@ -509,3 +544,28 @@ private module Cached { } import Cached + +/** + * Holds if the `i`'th write in block `bb` writes to the variable `v`. + * `certain` is `true` if the write is guaranteed to overwrite the entire variable. + */ +predicate variableWrite(IRBlock bb, int i, SourceVariable v, boolean certain) { + DataFlowImplCommon::forceCachingInSameStage() and + exists(Def def | + def.hasRankInBlock(bb, i) and + v = def.getSourceVariable() and + (if def.isCertain() then certain = true else certain = false) + ) +} + +/** + * Holds if the `i`'th read in block `bb` reads to the variable `v`. + * `certain` is `true` if the read is guaranteed. For C++, this is always the case. + */ +predicate variableRead(IRBlock bb, int i, SourceVariable v, boolean certain) { + exists(Use use | + use.hasRankInBlock(bb, i) and + v = use.getSourceVariable() and + certain = true + ) +} From 490156d7db7de16bde2f76b1b379d1428bc9c335 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 28 Oct 2021 17:26:28 +0100 Subject: [PATCH 23/70] C++: Remove the 'isIndirection' predicate on 'SourceVariable' and move the rootdef of 'getIRVariable' into the two subclasses. --- .../cpp/ir/dataflow/internal/SsaInternals.qll | 37 ++++++++----------- 1 file changed, 15 insertions(+), 22 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index 5844e192767..1dd3d61951a 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -14,29 +14,27 @@ private module SourceVariables { abstract class SourceVariable extends TSourceVariable { IRVariable var; - IRVariable getIRVariable() { result = var } - abstract string toString(); - - predicate isIndirection() { none() } } - private class SourceIRVariable extends SourceVariable, TSourceIRVariable { + class SourceIRVariable extends SourceVariable, TSourceIRVariable { SourceIRVariable() { this = TSourceIRVariable(var) } + IRVariable getIRVariable() { result = var } + override string toString() { result = this.getIRVariable().toString() } } - private class SourceIRVariableIndirection extends SourceVariable, TSourceIRVariableIndirection { + class SourceIRVariableIndirection extends SourceVariable, TSourceIRVariableIndirection { InitializeIndirectionInstruction init; SourceIRVariableIndirection() { this = TSourceIRVariableIndirection(init) and var = init.getIRVariable() } - override string toString() { result = "*" + this.getIRVariable().toString() } + IRVariable getUnderlyingIRVariable() { result = var } - override predicate isIndirection() { any() } + override string toString() { result = "*" + this.getUnderlyingIRVariable().toString() } } } @@ -120,8 +118,7 @@ private class ExplicitDef extends Def, TExplicitDef { override SourceVariable getSourceVariable() { exists(VariableInstruction var | explicitWrite(_, this.getInstruction(), var) and - result.getIRVariable() = var.getIRVariable() and - not result.isIndirection() + result.(SourceIRVariable).getIRVariable() = var.getIRVariable() ) } @@ -132,11 +129,11 @@ private class ParameterDef extends Def, TInitializeParam { ParameterDef() { this = TInitializeParam(store) } override SourceVariable getSourceVariable() { - result.getIRVariable() = store.(InitializeParameterInstruction).getIRVariable() and - not result.isIndirection() + result.(SourceIRVariable).getIRVariable() = + store.(InitializeParameterInstruction).getIRVariable() or - result.getIRVariable() = store.(InitializeIndirectionInstruction).getIRVariable() and - result.isIndirection() + result.(SourceIRVariableIndirection).getUnderlyingIRVariable() = + store.(InitializeIndirectionInstruction).getIRVariable() } override predicate isCertain() { any() } @@ -166,12 +163,9 @@ private class ExplicitUse extends Use, TExplicitUse { override SourceVariable getSourceVariable() { exists(VariableInstruction var | use.getDef() = var and - result.getIRVariable() = var.getIRVariable() and - ( - if use.getUse() instanceof ReadSideEffectInstruction - then result.isIndirection() - else not result.isIndirection() - ) + if use.getUse() instanceof ReadSideEffectInstruction + then result.(SourceIRVariableIndirection).getUnderlyingIRVariable() = var.getIRVariable() + else result.(SourceIRVariable).getIRVariable() = var.getIRVariable() ) } } @@ -182,8 +176,7 @@ private class ReturnParameterIndirection extends Use, TReturnParamIndirection { override SourceVariable getSourceVariable() { exists(ReturnIndirectionInstruction ret | returnParameterIndirection(use, ret) and - result.getIRVariable() = ret.getIRVariable() and - result.isIndirection() + result.(SourceIRVariableIndirection).getUnderlyingIRVariable() = ret.getIRVariable() ) } } From 8a569da3704e335a242ffc9b025991fd31edf050 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 29 Oct 2021 14:05:34 +0100 Subject: [PATCH 24/70] C++: Fix comments. --- .../semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index 1dd3d61951a..c82bd115980 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -407,13 +407,13 @@ private module Cached { */ cached predicate ssaFlow(Node nodeFrom, Node nodeTo) { - // Def-use/use-use flow from an `InstructionNode` to an `OperandNode`. + // Def-use/use-use flow from an `InstructionNode`. defUseFlow(nodeFrom, nodeTo) or - // Def-use flow from a `StoreNode` to an `OperandNode`. + // Def-use flow from a `StoreNode`. fromStoreNode(nodeFrom, nodeTo) or - // Use-use flow from a `ReadNode` to an `OperandNode` + // Use-use flow from a `ReadNode`. fromReadNode(nodeFrom, nodeTo) or fromPhiNode(nodeFrom, nodeTo) @@ -521,7 +521,7 @@ private module Cached { flowOutOfAddressStep(arith.getAUse(), nTo) ) or - // Flow through a modelled function that has parameter -> return value flow. + // Flow through a modeled function that has parameter -> return value flow. exists( CallInstruction call, int index, DataFlow::FunctionInput input, DataFlow::FunctionOutput output From cb4f10c609b4d49c68d3e74ebdc5a8a213d724ed Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 29 Oct 2021 14:49:33 +0100 Subject: [PATCH 25/70] C++: Move the union field check to the IPA branch of 'TFieldContent'. --- .../code/cpp/ir/dataflow/internal/DataFlowPrivate.qll | 2 -- .../semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll | 6 +++++- .../syntax-zoo/dataflow-ir-consistency.expected | 1 + 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index a8b9b59a2e8..2fac291a17a 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -189,7 +189,6 @@ predicate jumpStep(Node n1, Node n2) { none() } */ predicate storeStep(StoreNode node1, FieldContent f, StoreNode node2) { exists(FieldAddressInstruction fai | - not fai.getObjectAddress().getResultType().stripType() instanceof Union and node1.getInstruction() = fai and node2.getInstruction() = fai.getObjectAddress() and f.getField() = fai.getField() @@ -203,7 +202,6 @@ predicate storeStep(StoreNode node1, FieldContent f, StoreNode node2) { */ predicate readStep(ReadNode node1, FieldContent f, ReadNode node2) { exists(FieldAddressInstruction fai | - not fai.getObjectAddress().getResultType().stripType() instanceof Union and node1.getInstruction() = fai.getObjectAddress() and node2.getInstruction() = fai and f.getField() = fai.getField() diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 20c6792e787..aab5316ef32 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -972,7 +972,11 @@ predicate localInstructionFlow(Instruction e1, Instruction e2) { predicate localExprFlow(Expr e1, Expr e2) { localFlow(exprNode(e1), exprNode(e2)) } private newtype TContent = - TFieldContent(Field f) or + TFieldContent(Field f) { + // As reads and writes to union fields can create flow even though the reads and writes + // target different fields, we don't want a read (write) to create a read (write) step. + not f.getDeclaringType() instanceof Union + } or TCollectionContent() or // Not used in C/C++ TArrayContent() // Not used in C/C++. diff --git a/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected b/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected index d25d12c3372..eb10e5c6ccd 100644 --- a/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected +++ b/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected @@ -1959,6 +1959,7 @@ postWithInFlow | ir.cpp:522:9:522:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | | ir.cpp:522:16:522:21 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | | ir.cpp:522:16:522:21 | PointerAdd [post update] | PostUpdateNode should not be the target of local flow. | +| ir.cpp:531:7:531:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | | ir.cpp:531:11:531:16 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. | | ir.cpp:540:5:540:5 | y [post update] | PostUpdateNode should not be the target of local flow. | | ir.cpp:545:9:545:17 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | From f334201fced0322ac93886a6c8960088cc62fb8b Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 29 Oct 2021 14:51:23 +0100 Subject: [PATCH 26/70] Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll Co-authored-by: Jonas Jensen --- .../lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll | 2 -- 1 file changed, 2 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index aab5316ef32..69ba5703823 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -232,8 +232,6 @@ abstract class StoreNode extends Node { /** * Gets the `StoreNode` that computes the address used by this `StoreNode`. - * The boolean `readEffect` is `true` if the predecessor is accessed through the - * address of a `ReadSideEffectInstruction`. */ abstract StoreNode getAPredecessor(); From a75f195df3d50a8cc9d3eb9cef0dbd34aa2491c6 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Sat, 30 Oct 2021 10:24:06 +0100 Subject: [PATCH 27/70] C++: Several readability fixes: 1. Added lots of QLDoc explanation about the role of StoreNodeOperand. 2. Renamed '{StoreNode,ReadNode}.getAPredecessor' to 'getInner' and '{StoreNode,ReadNode}.getASuccessor' to 'getOuter'. 3. Be more explicit about which type of 'StoreNode' is used in various places. --- .../ir/dataflow/internal/DataFlowPrivate.qll | 2 +- .../cpp/ir/dataflow/internal/DataFlowUtil.qll | 100 +++++++++++++----- .../cpp/ir/dataflow/internal/SsaInternals.qll | 12 +-- 3 files changed, 79 insertions(+), 35 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index 2fac291a17a..09d041d7a7e 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -187,7 +187,7 @@ predicate jumpStep(Node n1, Node n2) { none() } * Thus, `node2` references an object with a field `f` that contains the * value of `node1`. */ -predicate storeStep(StoreNode node1, FieldContent f, StoreNode node2) { +predicate storeStep(StoreNodeInstr node1, FieldContent f, StoreNodeInstr node2) { exists(FieldAddressInstruction fai | node1.getInstruction() = fai and node2.getInstruction() = fai.getObjectAddress() and diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 69ba5703823..31b9831e8fc 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -206,13 +206,7 @@ class OperandNode extends Node, TOperandNode { * A `StoreNode` is a node that has been (or is about to be) the * source or target of a `storeStep`. */ -abstract class StoreNode extends Node { - /** Gets the underlying instruction, if any. */ - Instruction getInstruction() { none() } - - /** Gets the underlying operand, if any. */ - Operand getOperand() { none() } - +abstract private class StoreNode extends Node { /** Holds if this node should receive flow from `addr`. */ abstract predicate flowInto(Instruction addr); @@ -220,7 +214,7 @@ abstract class StoreNode extends Node { /** Holds if this `StoreNode` is the root of the address computation used by a store operation. */ predicate isTerminal() { - not exists(this.getAPredecessor()) and + not exists(this.getInner()) and not storeStep(this, _, _) } @@ -233,20 +227,21 @@ abstract class StoreNode extends Node { /** * Gets the `StoreNode` that computes the address used by this `StoreNode`. */ - abstract StoreNode getAPredecessor(); + abstract StoreNode getInner(); - /** The inverse of `StoreNode.getAPredecessor`. */ - final StoreNode getASuccessor() { result.getAPredecessor() = this } + /** The inverse of `StoreNode.getInner`. */ + final StoreNode getOuter() { result.getInner() = this } } -private class StoreNodeInstr extends StoreNode, TStoreNodeInstr { +class StoreNodeInstr extends StoreNode, TStoreNodeInstr { Instruction instr; StoreNodeInstr() { this = TStoreNodeInstr(instr) } override predicate flowInto(Instruction addr) { this.getInstruction() = addr } - override Instruction getInstruction() { result = instr } + /** Gets the underlying instruction. */ + Instruction getInstruction() { result = instr } override Function getFunction() { result = this.getInstruction().getEnclosingFunction() } @@ -262,19 +257,45 @@ private class StoreNodeInstr extends StoreNode, TStoreNodeInstr { Ssa::explicitWrite(_, result, this.getInstruction()) } - override StoreNode getAPredecessor() { + override StoreNodeInstr getInner() { Ssa::addressFlow(result.getInstruction(), this.getInstruction()) } } -private class StoreNodeOperand extends StoreNode, TStoreNodeOperand { +/** + * To avoid having `PostUpdateNode`s with multiple pre-update nodes (which can cause performance + * problems) we attach the `PostUpdateNode` that represent output arguments to an operand instead of + * an instruction. + * + * To see why we need this, consider the expression `b->set(new C())`. The IR of this expression looks + * like (simplified): + * ``` + * r1(glval) = FunctionAddress[set] : + * r2(glval) = FunctionAddress[operator new] : + * r3(unsigned long) = Constant[8] : + * r4(void *) = Call[operator new] : func:r2, 0:r3 + * r5(C *) = Convert : r4 + * r6(glval) = FunctionAddress[C] : + * v1(void) = Call[C] : func:r6, this:r5 + * v2(void) = Call[set] : func:r1, this:r0, 0:r5 + * ``` + * + * Notice that both the call to `C` and the call to `set` will have an argument that is the + * result of calling `operator new` (i.e., `r4`). If we only have `PostUpdateNode`s that are + * instructions, both `PostUpdateNode`s would have `r4` as their pre-update node. + * + * We avoid this issue by having a `PostUpdateNode` for each argument, and let the pre-update node of + * each `PostUpdateNode` be the argument _operand_, instead of the defining instruction. + */ +class StoreNodeOperand extends StoreNode, TStoreNodeOperand { ArgumentOperand operand; StoreNodeOperand() { this = TStoreNodeOperand(operand) } override predicate flowInto(Instruction addr) { this.getOperand().getDef() = addr } - override Operand getOperand() { result = operand } + /** Gets the underlying operand. */ + Operand getOperand() { result = operand } override Function getFunction() { result = operand.getDef().getEnclosingFunction() } @@ -288,7 +309,32 @@ private class StoreNodeOperand extends StoreNode, TStoreNodeOperand { Ssa::explicitWrite(_, result, operand.getDef()) } - override StoreNode getAPredecessor() { operand.getDef() = result.getInstruction() } + /** + * The result of `StoreNodeOperand.getInner` is the `StoreNodeInstr` representation the instruction + * that defines this operand. This means the graph of `getInner` looks like this: + * ``` + * I---I---I + * \ \ \ + * O O O + * ``` + * where each `StoreNodeOperand` "hooks" into the chain computed by `StoreNodeInstr.getInner`. + * This means that the chain of `getInner` calls on the argument `&o.f` on an expression + * like `func(&o.f)` is: + * ``` + * r4---r3---r2 + * \ + * 0:r4 + * ``` + * where the IR for `func(&o.f)` looks like (simplified): + * ``` + * r1(glval) = FunctionAddress[func] : + * r2(glval) = VariableAddress[o] : + * r3(glval) = FieldAddress[f] : r2 + * r4(int *) = CopyValue : r3 + * v1(void) = Call[func] : func:r1, 0:r4 + * ``` + */ + override StoreNodeInstr getInner() { operand.getDef() = result.getInstruction() } } /** @@ -326,22 +372,20 @@ class ReadNode extends Node, TReadNode { * Gets a read node with an underlying instruction that is used by this * underlying instruction to compute an address of a load instruction. */ - final ReadNode getAPredecessor() { - Ssa::addressFlow(result.getInstruction(), this.getInstruction()) - } + final ReadNode getInner() { Ssa::addressFlow(result.getInstruction(), this.getInstruction()) } - /** The inverse of `ReadNode.getAPredecessor`. */ - final ReadNode getASuccessor() { result.getAPredecessor() = this } + /** The inverse of `ReadNode.getInner`. */ + final ReadNode getOuter() { result.getInner() = this } /** Holds if this read node computes a value that will not be used for any future read nodes. */ final predicate isTerminal() { - not exists(this.getASuccessor()) and + not exists(this.getOuter()) and not readStep(this, _, _) } /** Holds if this read node computes a value that has not yet been used for any read operations. */ final predicate isInitial() { - not exists(this.getAPredecessor()) and + not exists(this.getInner()) and not readStep(_, _, this) } } @@ -787,7 +831,7 @@ private module ReadNodeFlow { /** Holds if the read node `nodeTo` should receive flow from the read node `nodeFrom`. */ predicate flowThrough(ReadNode nodeFrom, ReadNode nodeTo) { not readStep(nodeFrom, _, _) and - nodeFrom.getASuccessor() = nodeTo + nodeFrom.getOuter() = nodeTo } /** @@ -800,7 +844,7 @@ private module ReadNodeFlow { // Use-use flow to another use of the same variable instruction Ssa::ssaFlow(nFrom, nodeTo) or - not exists(nFrom.getAPredecessor()) and + not exists(nFrom.getInner()) and exists(Node store | Ssa::explicitWrite(_, store.asInstruction(), nFrom.getInstruction()) and Ssa::ssaFlow(store, nodeTo) @@ -833,7 +877,7 @@ private module StoreNodeFlow { predicate flowThrough(StoreNode nFrom, StoreNode nodeTo) { // Flow through a post update node that doesn't need a store step. not storeStep(nFrom, _, _) and - nodeTo.getASuccessor() = nFrom + nodeTo.getOuter() = nFrom } /** @@ -841,7 +885,7 @@ private module StoreNodeFlow { * This happens because we have traversed an entire chain of field dereferences * after a store operation. */ - predicate flowOutOf(StoreNode nFrom, Node nodeTo) { + predicate flowOutOf(StoreNodeInstr nFrom, Node nodeTo) { nFrom.isTerminal() and Ssa::ssaFlow(nFrom, nodeTo) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index c82bd115980..b79f1dc5ffa 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -327,7 +327,7 @@ private module Cached { ) } - private predicate fromStoreNode(StoreNode nodeFrom, Node nodeTo) { + private predicate fromStoreNode(StoreNodeInstr nodeFrom, Node nodeTo) { // Def-use flow from a `StoreNode`. exists(IRBlock bb1, int i1, IRBlock bb2, int i2, Def def, Use use | nodeFrom.isTerminal() and @@ -388,10 +388,10 @@ private module Cached { def.hasRankInBlock(block, rnk) and nodeTo.hasInputAtRankInBlock(block, rnk) | - exists(StoreNode store | - store = nodeFrom and - store.isTerminal() and - def.getInstruction() = store.getStoreInstruction() + exists(StoreNodeInstr storeNode | + storeNode = nodeFrom and + storeNode.isTerminal() and + def.getInstruction() = storeNode.getStoreInstruction() ) or def.getInstruction() = nodeFrom.asInstruction() @@ -466,7 +466,7 @@ private module Cached { operand.getDef() = readNode.getInstruction() ) or - exists(StoreNode storeNode, Instruction def | + exists(StoreNodeInstr storeNode, Instruction def | storeNode = nTo and def = operand.getDef() | From d624259eabcf3311017687e208fedb2fbcfb3f43 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Sat, 30 Oct 2021 10:42:47 +0100 Subject: [PATCH 28/70] C++: Add QLDoc to 'flowOutOfAddressStep'. --- .../cpp/ir/dataflow/internal/SsaInternals.qll | 42 +++++++++++++------ 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index b79f1dc5ffa..5b7446f1a6e 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -459,15 +459,31 @@ private module Cached { ) } - private predicate flowOutOfAddressStep(Operand operand, Node nTo) { + /** + * The role of `flowOutOfAddressStep` is to select the node for which we want dataflow to end up in + * after the shared SSA library's `adjacentDefRead` predicate has determined that `operand` is the + * next use of some variable. + * + * More precisely, this predicate holds if `operand` is an operand that represents an address, and: + * - `nodeTo` is the next load of that address, or + * - `nodeTo` is a `ReadNode` that uses the definition of `operand` to start a sequence of reads, or + * - `nodeTo` is the outer-most `StoreNode` that uses the address represented by `operand`. We obtain + * use-use flow in this case since `StoreNodeFlow::flowOutOf` will then provide flow to the next of + * of `operand`. + * + * There is one final (slightly annoying) case: When `operand` is a an argument to a modeled function + * without any `ReadSideEffect` (such as `std::move`). Here, the address flows from the argument to + * the return value, which might then be read later. + */ + private predicate flowOutOfAddressStep(Operand operand, Node nodeTo) { // Flow into a read node - exists(ReadNode readNode | readNode = nTo | + exists(ReadNode readNode | readNode = nodeTo | readNode.isInitial() and operand.getDef() = readNode.getInstruction() ) or exists(StoreNodeInstr storeNode, Instruction def | - storeNode = nTo and + storeNode = nodeTo and def = operand.getDef() | storeNode.isTerminal() and @@ -477,48 +493,48 @@ private module Cached { explicitWrite(false, storeNode.getStoreInstruction(), def) ) or - operand = getSourceAddressOperand(nTo.asInstruction()) + operand = getSourceAddressOperand(nodeTo.asInstruction()) or exists(ReturnIndirectionInstruction ret | ret.getSourceAddressOperand() = operand and - ret = nTo.asInstruction() + ret = nodeTo.asInstruction() ) or exists(ReturnValueInstruction ret | ret.getReturnAddressOperand() = operand and - nTo.asInstruction() = ret + nodeTo.asInstruction() = ret ) or exists(CallInstruction call, int index, ReadSideEffectInstruction read | call.getArgumentOperand(index) = operand and read = getSideEffectFor(call, index) and - nTo.asOperand() = read.getSideEffectOperand() + nodeTo.asOperand() = read.getSideEffectOperand() ) or exists(CopyInstruction copy | not exists(getSourceAddressOperand(copy)) and copy.getSourceValueOperand() = operand and - flowOutOfAddressStep(copy.getAUse(), nTo) + flowOutOfAddressStep(copy.getAUse(), nodeTo) ) or exists(ConvertInstruction convert | convert.getUnaryOperand() = operand and - flowOutOfAddressStep(convert.getAUse(), nTo) + flowOutOfAddressStep(convert.getAUse(), nodeTo) ) or exists(CheckedConvertOrNullInstruction convert | convert.getUnaryOperand() = operand and - flowOutOfAddressStep(convert.getAUse(), nTo) + flowOutOfAddressStep(convert.getAUse(), nodeTo) ) or exists(InheritanceConversionInstruction convert | convert.getUnaryOperand() = operand and - flowOutOfAddressStep(convert.getAUse(), nTo) + flowOutOfAddressStep(convert.getAUse(), nodeTo) ) or exists(PointerArithmeticInstruction arith | arith.getLeftOperand() = operand and - flowOutOfAddressStep(arith.getAUse(), nTo) + flowOutOfAddressStep(arith.getAUse(), nodeTo) ) or // Flow through a modeled function that has parameter -> return value flow. @@ -531,7 +547,7 @@ private module Cached { not getSideEffectFor(call, index) instanceof ReadSideEffectInstruction and input.isParameter(index) and output.isReturnValue() and - flowOutOfAddressStep(call.getAUse(), nTo) + flowOutOfAddressStep(call.getAUse(), nodeTo) ) } } From d34e731f1db5eca97aef475f035e40517a938d61 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Sat, 30 Oct 2021 11:29:07 +0100 Subject: [PATCH 29/70] C++: Add a small QLDoc novel above the IPA type for 'TIRDataFlowNode'. --- .../cpp/ir/dataflow/internal/DataFlowUtil.qll | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 31b9831e8fc..c3455d4790a 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -15,6 +15,45 @@ private import SsaInternals as Ssa cached private module Cached { + /** + * The IR dataflow graph consists of the following nodes: + * - `InstructionNode`, which represents an `Instruction` in the graph. + * - `OperandNode`, which represents an `Operand` in the graph. + * - `VariableNode`, which is used to model global variables. + * - Two kinds of `StoreNode`s: + * 1. `StoreNodeInstr`, which represents the value of an address computed by an `Instruction` that + * has been updated by a write operation. + * 2. `StoreNodeOperand`, which represents the value of an address in an `ArgumentOperand` after a + * function call that may have changed the value. + * - `ReadNode`, which represents the result of reading a field of an object. + * - `SsaPhiNode`, which represents phi nodes as computed by the shared SSA library. + * + * The following section describes how flow is generally transferred between these nodes: + * - Flow between `InstructionNode`s and `OperandNode`s follow the def-use information as computed by + * the IR. Because the IR compute must-alias information for memory operands, we only follow def-use + * flow for register operands. + * - Flow can enter a `StoreNode` in two ways (both done in `StoreNode.flowInto`): + * 1. Flow is transferred from a `StoreValueOperand` to a `StoreNodeInstr`. Flow will then proceed + * along the chain of addresses computed by `StoreNodeInstr.getInner` to identify field writes + * and call `storeStep` accordingly (i.e., for an expression like `a.b.c = x`, we visit `c`, then + * `b`, then `a`). + * 2. Flow is transfered from a `WriteSideEffectInstruction` to a `StoreNodeOperand` after flow + * returns to a caller. Flow will then proceed to the defining instruction of the operand (because + * the `StoreNodeInstr` computed by `StoreNodeOperand.getInner()` is the `StoreNode` containing + * the defining instruction), and then along the chain computed by `StoreNodeInstr.getInner` like + * above. + * In both cases, flow leaves a `StoreNode` once the entire chain has been traversed, and the shared + * SSA library is used to find the next use of the variable at the end of the chain. + * - Flow can enter a `ReadNode` through an `OperandNode` that represents an address of some variable. + * Flow will then proceed along the chain of addresses computed by `ReadNode.getOuter` (i.e., for an + * expression like `use(a.b.c)` we visit `a`, then `b`, then `c`) and call `readStep` accordingly. + * Once the entire chain has been traversed, flow is transferred to the load instruction that reads + * the final address of the chain. + * - Flow can enter a `SsaPhiNode` from an `InstructionNode`, a `StoreNode` or another `SsaPhiNode` + * (in `toPhiNode`), depending on which node provided the previous definition of the underlying + * variable. Flow leaves a `SsaPhiNode` (in `fromPhiNode`) by using the shared SSA library to + * determine the next use of the variable. + */ cached newtype TIRDataFlowNode = TInstructionNode(Instruction i) or From 092beb8b73cc23c20f568246fb8e6568d51ed608 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 2 Nov 2021 10:59:34 +0000 Subject: [PATCH 30/70] C++: Don't count write operations as uses. --- .../code/cpp/ir/dataflow/internal/SsaInternals.qll | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index 5b7446f1a6e..b953d65a151 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -182,10 +182,16 @@ private class ReturnParameterIndirection extends Use, TReturnParamIndirection { } private predicate isExplicitUse(Operand op) { - op.getDef() instanceof VariableAddressInstruction and - not exists(LoadInstruction load | - load.getSourceAddressOperand() = op and - load.getAUse().getUse() instanceof InitializeIndirectionInstruction + exists(VariableAddressInstruction vai | vai = op.getDef() | + // Don't include this operand as a use if it only exists to initialize the + // indirection of a parameter. + not exists(LoadInstruction load | + load.getSourceAddressOperand() = op and + load.getAUse().getUse() instanceof InitializeIndirectionInstruction + ) and + // Don't include this operand as a use if the only use of the address is for a write + // that definately overrides a variable. + not (explicitWrite(true, _, vai) and exists(unique( | | vai.getAUse()))) ) } From 56cabb8f4609aaf543f36aeef87a90dfba2d572c Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 2 Nov 2021 12:52:11 +0000 Subject: [PATCH 31/70] C++: Add comments to some of the disjuncts in 'addressFlow'. --- .../semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index b953d65a151..db2204fa9b9 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -215,8 +215,16 @@ predicate addressFlow(Instruction iFrom, Instruction iTo) { or iTo.(FieldAddressInstruction).getObjectAddress() = iFrom or + // We traverse `LoadInstruction`s since we want to conclude that the + // destination of the store operation `*x = source()` is derived from `x`. iTo.(LoadInstruction).getSourceAddress() = iFrom or + // We want to include `ReadSideEffectInstruction`s for the same reason that we include + // `LoadInstruction`s, but only when a `WriteSideEffectInstruction` for the same index exists as well + // (as otherwise we know that the callee won't override the data). However, given an index `i`, the + // destination of the `WriteSideEffectInstruction` for `i` is identical to the source address of the + // `ReadSideEffectInstruction` for `i`. So we don't have to talk about the `ReadSideEffectInstruction` + // at all. exists(WriteSideEffectInstruction write | write.getPrimaryInstruction() = iTo and write.getDestinationAddress() = iFrom From 3e6ac74d734428fe5782ded38050b51db164460c Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 2 Nov 2021 13:02:46 +0000 Subject: [PATCH 32/70] C++: Add 'InheritanceConversionInstruction' to the list of instructions that set 'certain = false' in 'explicitWrite'. --- .../semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index db2204fa9b9..d6db1e8b5fe 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -315,11 +315,14 @@ predicate explicitWrite(boolean certain, Instruction instr, Instruction address) exists(StoreInstruction store | store = instr and addressFlowTC(address, store.getDestinationAddress()) | + // Set `certain = false` if the address is derived from any instructions that prevents us from + // concluding that the entire variable is overridden. if addressFlowTC(any(Instruction i | i instanceof FieldAddressInstruction or i instanceof PointerArithmeticInstruction or - i instanceof LoadInstruction + i instanceof LoadInstruction or + i instanceof InheritanceConversionInstruction ), store.getDestinationAddress()) then certain = false else certain = true From 07d5086b0792931795e2e859d3e5dedaf09950b8 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Tue, 2 Nov 2021 14:59:27 +0100 Subject: [PATCH 33/70] Python: support user defined taint source --- .../tainttracking/defaultAdditionalTaintStep/test_async.py | 2 +- python/ql/test/experimental/meta/InlineTaintTest.qll | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_async.py b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_async.py index 509a20c9010..5bdb47bd149 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_async.py +++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_async.py @@ -45,7 +45,7 @@ async def test_async_for(): iter = AsyncIter() taint(iter) async for tainted in iter: - ensure_tainted(tainted) # $ MISSING: tainted + ensure_tainted(tainted) # $ tainted diff --git a/python/ql/test/experimental/meta/InlineTaintTest.qll b/python/ql/test/experimental/meta/InlineTaintTest.qll index e82d1249733..469949a24db 100644 --- a/python/ql/test/experimental/meta/InlineTaintTest.qll +++ b/python/ql/test/experimental/meta/InlineTaintTest.qll @@ -38,6 +38,12 @@ class TestTaintTrackingConfiguration extends TaintTracking::Configuration { "TAINTED_STRING", "TAINTED_BYTES", "TAINTED_LIST", "TAINTED_DICT" ] or + // User defined sources + exists(CallNode call | + call.getFunction().(NameNode).getId() = "taint" and + source.(DataFlow::CfgNode).getNode() = call.getAnArg() + ) + or source instanceof RemoteFlowSource } From 768932d7b3f7edb021820343bc742b26a8859520 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Thu, 28 Oct 2021 09:45:37 +0200 Subject: [PATCH 34/70] Python: Add tainttracking step that was removed when the correpsonding datadlow step was removed. --- .../new/internal/TaintTrackingPrivate.qll | 23 +++++++++++++++++++ .../defaultAdditionalTaintStep/test_async.py | 2 +- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll index 313b5e3410b..13a576de9d0 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll @@ -53,6 +53,8 @@ private module Cached { DataFlowPrivate::iterableUnpackingStoreStep(nodeFrom, _, nodeTo) or awaitStep(nodeFrom, nodeTo) + or + asyncWithStep(nodeFrom, nodeTo) } } @@ -211,3 +213,24 @@ predicate copyStep(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) { predicate awaitStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { nodeTo.asExpr().(Await).getValue() = nodeFrom.asExpr() } + +/** + * Holds if taint can flow from `nodeFrom` to `nodeTo` inside an `async with` statement. + * + * For example in + * ```python + * async with open("foo") as f: + * ``` + * the variable `f` is tainted if the result of `open("foo")` is tainted. + */ +predicate asyncWithStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { + exists(With with, ControlFlowNode contextManager, ControlFlowNode var | + nodeFrom.(DataFlow::CfgNode).getNode() = contextManager and + nodeTo.(DataFlow::EssaNode).getVar().getDefinition().(WithDefinition).getDefiningNode() = var and + // see `with_flow` in `python/ql/src/semmle/python/dataflow/Implementation.qll` + with.getContextExpr() = contextManager.getNode() and + with.getOptionalVars() = var.getNode() and + with.isAsync() and + contextManager.strictlyDominates(var) + ) +} diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_async.py b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_async.py index 5bdb47bd149..0142fc06c07 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_async.py +++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_async.py @@ -31,7 +31,7 @@ async def test_async_with(): ctx = AsyncContext() taint(ctx) async with ctx as tainted: - ensure_tainted(tainted) # $ MISSING: tainted + ensure_tainted(tainted) # $ tainted class AsyncIter: From 05aa314ac9b5d38bb7a30e30aced9b27b2797888 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Wed, 3 Nov 2021 10:54:36 +0100 Subject: [PATCH 35/70] Python: Add tests for non-async constructs --- .../defaultAdditionalTaintStep/test_syntax.py | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_syntax.py diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_syntax.py b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_syntax.py new file mode 100644 index 00000000000..1811c8c1e05 --- /dev/null +++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_syntax.py @@ -0,0 +1,45 @@ +# Add taintlib to PATH so it can be imported during runtime without any hassle +import sys; import os; sys.path.append(os.path.dirname(os.path.dirname((__file__)))) +from taintlib import * + +# This has no runtime impact, but allows autocomplete to work +from typing import TYPE_CHECKING +if TYPE_CHECKING: + from ..taintlib import * + + +# Actual tests + +class Context: + def __enter__(self): + return TAINTED_STRING + + def __exit__(self, exc_type, exc, tb): + pass + +def test_with(): + ctx = Context() + taint(ctx) + with ctx as tainted: + ensure_tainted(tainted) # $ tainted + + +class Iter: + def __iter__(self): + return self + + def __next__(self): + raise StopIteration + +def test_for(): + iter = Iter() + taint(iter) + for tainted in iter: + ensure_tainted(tainted) # $ tainted + + + +# Make tests runable + +test_with() +test_for() From ad5619ff072295b1b48d89043e7aa16ad83a4c37 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 3 Nov 2021 10:37:32 +0000 Subject: [PATCH 36/70] Revert "C++: Don't count write operations as uses." This reverts commit 092beb8b73cc23c20f568246fb8e6568d51ed608. --- .../code/cpp/ir/dataflow/internal/SsaInternals.qll | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index d6db1e8b5fe..466c8077d85 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -182,16 +182,10 @@ private class ReturnParameterIndirection extends Use, TReturnParamIndirection { } private predicate isExplicitUse(Operand op) { - exists(VariableAddressInstruction vai | vai = op.getDef() | - // Don't include this operand as a use if it only exists to initialize the - // indirection of a parameter. - not exists(LoadInstruction load | - load.getSourceAddressOperand() = op and - load.getAUse().getUse() instanceof InitializeIndirectionInstruction - ) and - // Don't include this operand as a use if the only use of the address is for a write - // that definately overrides a variable. - not (explicitWrite(true, _, vai) and exists(unique( | | vai.getAUse()))) + op.getDef() instanceof VariableAddressInstruction and + not exists(LoadInstruction load | + load.getSourceAddressOperand() = op and + load.getAUse().getUse() instanceof InitializeIndirectionInstruction ) } From 1f89b4987b76bffecdd4a0574c9508dbf0b0afc2 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 3 Nov 2021 12:22:27 +0000 Subject: [PATCH 37/70] C++: Rename 'valueFlow' to 'conversionFlow' and add a QLDoc that explains its purpose. --- .../code/cpp/ir/dataflow/internal/SsaInternals.qll | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index 466c8077d85..d073d6ca48a 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -361,13 +361,13 @@ private module Cached { bb.getInstruction(i1) = write and bb.getInstruction(i2) = op.getUse() and // Flow to an instruction that occurs later in the block. - valueFlow*(nodeFrom.getInstruction(), op.getDef()) and + conversionFlow*(nodeFrom.getInstruction(), op.getDef()) and nodeTo.asOperand() = op and i2 > i1 and // There is no previous instruction that also occurs after `nodeFrom`. not exists(Instruction instr, int i | bb.getInstruction(i) = instr and - valueFlow(instr, op.getDef()) and + conversionFlow(instr, op.getDef()) and i1 < i and i < i2 ) @@ -450,7 +450,14 @@ private module Cached { ) } - private predicate valueFlow(Instruction iFrom, Instruction iTo) { + /** + * Holds if `iTo` is a conversion-like instruction that copies + * the value computed by `iFrom`. + * + * This predicate is used by `fromStoreNode` to find the next use of a pointer that + * points to freshly allocated memory. + */ + private predicate conversionFlow(Instruction iFrom, Instruction iTo) { iTo.(CopyValueInstruction).getSourceValue() = iFrom or iTo.(ConvertInstruction).getUnary() = iFrom From 43a47952726efc1f424887cab860c6cd6aeeee8c Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 3 Nov 2021 13:19:43 +0000 Subject: [PATCH 38/70] C++: Remove redundant conjunct. --- .../semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index d073d6ca48a..713921174a1 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -76,10 +76,7 @@ private class DefOrUse extends TDefOrUse { /** Holds if this definition or use has rank `rank` in block `block`. */ cached - final predicate hasRankInBlock(IRBlock block, int rnk) { - block = getBlock() and - rnk = getRank(this, block) - } + final predicate hasRankInBlock(IRBlock block, int rnk) { rnk = getRank(this, block) } /** Gets the location of this element. */ abstract Cpp::Location getLocation(); From 4095c2012e214a9e05575f8efdda5f4735dc919c Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 3 Nov 2021 13:27:26 +0000 Subject: [PATCH 39/70] C++: Add comments on why 'ReferenceToInstruction' is interpreted like a 'LoadInstruction' at certain places. --- .../semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index 713921174a1..1a353072be5 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -267,6 +267,9 @@ Operand getSourceAddressOperand(Instruction instr) { [ instr.(LoadInstruction).getSourceAddressOperand(), instr.(ReadSideEffectInstruction).getArgumentOperand(), + // `ReferenceToInstruction` is really more of an address-of operation, + // but by including it in this list we break out of `flowOutOfAddressStep` at an + // instruction that, at the source level, looks like a use of a variable. instr.(ReferenceToInstruction).getSourceAddressOperand() ] } @@ -293,6 +296,8 @@ Operand getSourceValueOperand(Instruction instr) { or result = instr.(ReadSideEffectInstruction).getSideEffectOperand() or + // See the comment on the `ReferenceToInstruction` disjunct in `getSourceAddressOperand` for why + // this case is included. result = instr.(ReferenceToInstruction).getSourceValueOperand() } From 3bfa8681057459964464f59201a5bfc2acdfe2c2 Mon Sep 17 00:00:00 2001 From: james Date: Thu, 4 Nov 2021 09:53:32 +0000 Subject: [PATCH 40/70] add new option to database analyze tutorial --- .../codeql-cli/analyzing-databases-with-the-codeql-cli.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst b/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst index effc34f3a1d..0ea124501e1 100644 --- a/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst +++ b/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst @@ -63,6 +63,11 @@ You can also specify: language to the GitHub code scanning API. For more information about this use case, see `Configuring CodeQL CLI in your CI system `__ in the GitHub documentation. +- ``--sarif-add-query-help``: (supported in version 2.7.1 onwards) adds any custom query help written + in Markdown to SARIF (v2.1.0 or later) analysis results. For each query that runs, CodeQL command + replaces the ``.ql`` extension of the query file with ``.md``. If the .md file exists, + its contents are treated as Markdown-formatted help text for the query and included in the SARIF output. + - .. include:: ../reusables/threads-query-execution.rst From af0f32fdb69e254f9c07f72ddb167442b69d6196 Mon Sep 17 00:00:00 2001 From: james Date: Thu, 4 Nov 2021 12:36:27 +0000 Subject: [PATCH 41/70] further changes for query help in sarif --- ...nalyzing-databases-with-the-codeql-cli.rst | 20 ++++++++++++++++--- .../codeql-cli/testing-query-help-files.rst | 4 ++++ .../query-help-files.rst | 7 +++++++ 3 files changed, 28 insertions(+), 3 deletions(-) diff --git a/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst b/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst index 0ea124501e1..6ffe08708bd 100644 --- a/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst +++ b/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst @@ -64,9 +64,9 @@ You can also specify: see `Configuring CodeQL CLI in your CI system `__ in the GitHub documentation. - ``--sarif-add-query-help``: (supported in version 2.7.1 onwards) adds any custom query help written - in Markdown to SARIF (v2.1.0 or later) analysis results. For each query that runs, CodeQL command - replaces the ``.ql`` extension of the query file with ``.md``. If the .md file exists, - its contents are treated as Markdown-formatted help text for the query and included in the SARIF output. + in Markdown to SARIF (v2.1.0 or later) analysis results. Query help stored in ``.qhelp`` files must be + converted to ``.md`` before running the analysis. For further information, + see ":doc:`Testing query help files `." - .. include:: ../reusables/threads-query-execution.rst @@ -206,6 +206,20 @@ A SARIF results file is generated. Specifying ``--format=sarif-latest`` ensures that the results are formatted according to the most recent SARIF specification supported by CodeQL. +.. _including-query-help-for-custom-codeql-queries-in-sarif-files: + +Including query help for custom CodeQL queries in SARIF files +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Code scanning does not process ``.qhelp`` files for custom CodeQL queries, so to show +query help for custom queries in the code scanning UI you must include markdown-rendered query help +in SARIF files generated during an analysis. + +For CodeQL CLI 2.7.1 onwards, you can include markdown-rendered query help in SARIF files +by providing the ``--sarif-add-query-help`` option when running +``codeql database analyze``. Query help written in ``.qhelp`` files cannot be include in SARIF files, +somust be converted to markdown before running the analysis. For more information, see +":doc:`Testing query help files `." Results ------- diff --git a/docs/codeql/codeql-cli/testing-query-help-files.rst b/docs/codeql/codeql-cli/testing-query-help-files.rst index ba5cf3901e7..0aafed4f8e7 100644 --- a/docs/codeql/codeql-cli/testing-query-help-files.rst +++ b/docs/codeql/codeql-cli/testing-query-help-files.rst @@ -15,6 +15,10 @@ in the CodeQL repository. The CodeQL CLI includes a command to test query help and render the content as markdown, so that you can easily preview the content in your IDE. Use the command to validate query help files before uploading them to the CodeQL repository or sharing them with other users. +For CodeQL CLI 2.7.1 onwards, you can also include the markdown-rendered query help in SARIF files +generated during CodeQL analyses so that the query help can be displayed in the code scanning UI. +For more information, see +":ref:`Analyzing databases with the CodeQL CLI `." Prerequisites ------------- diff --git a/docs/codeql/writing-codeql-queries/query-help-files.rst b/docs/codeql/writing-codeql-queries/query-help-files.rst index b19ff548a66..60c37fce84f 100644 --- a/docs/codeql/writing-codeql-queries/query-help-files.rst +++ b/docs/codeql/writing-codeql-queries/query-help-files.rst @@ -40,6 +40,13 @@ Query help files are written using a custom XML format, and stored in a file wit The header and single top-level ``qhelp`` element are both mandatory. The following sections explain additional elements that you may include in your query help files. +.. pull-quote:: + + Code scanning does not process ``.qhelp`` files for custom CodeQL queries, so to show + query help for custom queries in the code scanning UI you must convert the ``.qhelp`` files to markdown + and then include the markdown-rendered query help in SARIF files generated during an analysis. + For more information, see + ":ref:`Analyzing databases with the CodeQL CLI `." Section-level elements ====================== From 7236f3b4b6d5d4260ab0426d75d119f553f6bdbd Mon Sep 17 00:00:00 2001 From: james Date: Thu, 4 Nov 2021 12:41:30 +0000 Subject: [PATCH 42/70] improve description of new option --- .../analyzing-databases-with-the-codeql-cli.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst b/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst index 6ffe08708bd..bc59af7b2fb 100644 --- a/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst +++ b/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst @@ -64,9 +64,9 @@ You can also specify: see `Configuring CodeQL CLI in your CI system `__ in the GitHub documentation. - ``--sarif-add-query-help``: (supported in version 2.7.1 onwards) adds any custom query help written - in Markdown to SARIF (v2.1.0 or later) analysis results. Query help stored in ``.qhelp`` files must be + in markdown to SARIF files (v2.1.0 or later) generated by the analysis. Query help stored in ``.qhelp`` files must be converted to ``.md`` before running the analysis. For further information, - see ":doc:`Testing query help files `." + see ":doc:`Including query help for custom CodeQL queries in SARIF files `." - .. include:: ../reusables/threads-query-execution.rst @@ -218,8 +218,8 @@ in SARIF files generated during an analysis. For CodeQL CLI 2.7.1 onwards, you can include markdown-rendered query help in SARIF files by providing the ``--sarif-add-query-help`` option when running ``codeql database analyze``. Query help written in ``.qhelp`` files cannot be include in SARIF files, -somust be converted to markdown before running the analysis. For more information, see -":doc:`Testing query help files `." +so must be converted to markdown before running the analysis. For more information, see +":ref:`Testing query help files `." Results ------- From a56a5e4e7daa88da2da555f4ae918563cb88fef6 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Thu, 4 Nov 2021 14:11:45 +0100 Subject: [PATCH 43/70] Ruby: Add type tracker tests --- .../type-tracker/TypeTracker.expected | 130 ++++++++++++++++++ .../dataflow/type-tracker/TypeTracker.ql | 18 +++ .../dataflow/type-tracker/type_tracker.rb | 16 +++ 3 files changed, 164 insertions(+) create mode 100644 ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected create mode 100644 ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.ql create mode 100644 ruby/ql/test/library-tests/dataflow/type-tracker/type_tracker.rb diff --git a/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected b/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected new file mode 100644 index 00000000000..5875add51e7 --- /dev/null +++ b/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected @@ -0,0 +1,130 @@ +track +| type_tracker.rb:2:5:5:7 | &block | type tracker without call steps | type_tracker.rb:2:5:5:7 | &block | +| type_tracker.rb:2:5:5:7 | field= | type tracker without call steps | type_tracker.rb:2:5:5:7 | field= | +| type_tracker.rb:2:5:5:7 | return return in field= | type tracker without call steps | type_tracker.rb:2:5:5:7 | return return in field= | +| type_tracker.rb:2:5:5:7 | return return in field= | type tracker without call steps | type_tracker.rb:14:5:14:13 | call to field= | +| type_tracker.rb:2:5:5:7 | self (field=) | type tracker with call steps | type_tracker.rb:7:5:9:7 | self in field | +| type_tracker.rb:2:5:5:7 | self (field=) | type tracker without call steps | type_tracker.rb:2:5:5:7 | self (field=) | +| type_tracker.rb:2:5:5:7 | self in field= | type tracker with call steps | type_tracker.rb:7:5:9:7 | self in field | +| type_tracker.rb:2:5:5:7 | self in field= | type tracker without call steps | type_tracker.rb:2:5:5:7 | self in field= | +| type_tracker.rb:2:16:2:18 | val | type tracker with call steps | type_tracker.rb:2:16:2:18 | val | +| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:2:5:5:7 | return return in field= | +| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:2:16:2:18 | val | +| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:2:16:2:18 | val | +| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:2:16:2:18 | val | +| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:14:5:14:13 | call to field= | +| type_tracker.rb:3:9:3:23 | [post] self | type tracker with call steps | type_tracker.rb:7:5:9:7 | self in field | +| type_tracker.rb:3:9:3:23 | [post] self | type tracker without call steps | type_tracker.rb:3:9:3:23 | [post] self | +| type_tracker.rb:3:9:3:23 | call to puts | type tracker without call steps | type_tracker.rb:3:9:3:23 | call to puts | +| type_tracker.rb:3:9:3:23 | self | type tracker with call steps | type_tracker.rb:7:5:9:7 | self in field | +| type_tracker.rb:3:9:3:23 | self | type tracker without call steps | type_tracker.rb:3:9:3:23 | self | +| type_tracker.rb:3:14:3:17 | [post] self | type tracker without call steps | type_tracker.rb:3:14:3:17 | [post] self | +| type_tracker.rb:3:14:3:17 | self | type tracker with call steps | type_tracker.rb:7:5:9:7 | self in field | +| type_tracker.rb:3:14:3:17 | self | type tracker without call steps | type_tracker.rb:3:14:3:17 | self | +| type_tracker.rb:3:14:3:23 | [post] call to field | type tracker without call steps | type_tracker.rb:3:14:3:23 | [post] call to field | +| type_tracker.rb:3:14:3:23 | call to field | type tracker without call steps | type_tracker.rb:3:14:3:23 | call to field | +| type_tracker.rb:4:9:4:14 | @field | type tracker without call steps | type_tracker.rb:4:9:4:14 | @field | +| type_tracker.rb:4:18:4:20 | val | type tracker without call steps | type_tracker.rb:2:5:5:7 | return return in field= | +| type_tracker.rb:4:18:4:20 | val | type tracker without call steps | type_tracker.rb:4:18:4:20 | val | +| type_tracker.rb:4:18:4:20 | val | type tracker without call steps | type_tracker.rb:14:5:14:13 | call to field= | +| type_tracker.rb:7:5:9:7 | &block | type tracker without call steps | type_tracker.rb:7:5:9:7 | &block | +| type_tracker.rb:7:5:9:7 | field | type tracker without call steps | type_tracker.rb:7:5:9:7 | field | +| type_tracker.rb:7:5:9:7 | return return in field | type tracker without call steps | type_tracker.rb:3:14:3:23 | call to field | +| type_tracker.rb:7:5:9:7 | return return in field | type tracker without call steps | type_tracker.rb:7:5:9:7 | return return in field | +| type_tracker.rb:7:5:9:7 | return return in field | type tracker without call steps | type_tracker.rb:15:10:15:18 | call to field | +| type_tracker.rb:7:5:9:7 | self in field | type tracker without call steps | type_tracker.rb:7:5:9:7 | self in field | +| type_tracker.rb:8:9:8:14 | @field | type tracker without call steps | type_tracker.rb:3:14:3:23 | call to field | +| type_tracker.rb:8:9:8:14 | @field | type tracker without call steps | type_tracker.rb:7:5:9:7 | return return in field | +| type_tracker.rb:8:9:8:14 | @field | type tracker without call steps | type_tracker.rb:8:9:8:14 | @field | +| type_tracker.rb:8:9:8:14 | @field | type tracker without call steps | type_tracker.rb:15:10:15:18 | call to field | +| type_tracker.rb:12:1:16:3 | &block | type tracker without call steps | type_tracker.rb:12:1:16:3 | &block | +| type_tracker.rb:12:1:16:3 | m | type tracker without call steps | type_tracker.rb:12:1:16:3 | m | +| type_tracker.rb:12:1:16:3 | return return in m | type tracker without call steps | type_tracker.rb:12:1:16:3 | return return in m | +| type_tracker.rb:12:1:16:3 | self (m) | type tracker without call steps | type_tracker.rb:12:1:16:3 | self (m) | +| type_tracker.rb:12:1:16:3 | self in m | type tracker without call steps | type_tracker.rb:12:1:16:3 | self in m | +| type_tracker.rb:13:5:13:7 | var | type tracker without call steps | type_tracker.rb:13:5:13:7 | var | +| type_tracker.rb:13:11:13:19 | Container | type tracker without call steps | type_tracker.rb:13:11:13:19 | Container | +| type_tracker.rb:13:11:13:19 | [post] Container | type tracker without call steps | type_tracker.rb:13:11:13:19 | [post] Container | +| type_tracker.rb:13:11:13:23 | call to new | type tracker with call steps | type_tracker.rb:2:5:5:7 | self in field= | +| type_tracker.rb:13:11:13:23 | call to new | type tracker with call steps | type_tracker.rb:7:5:9:7 | self in field | +| type_tracker.rb:13:11:13:23 | call to new | type tracker without call steps | type_tracker.rb:13:11:13:23 | call to new | +| type_tracker.rb:14:5:14:7 | [post] var | type tracker with call steps | type_tracker.rb:7:5:9:7 | self in field | +| type_tracker.rb:14:5:14:7 | [post] var | type tracker without call steps | type_tracker.rb:14:5:14:7 | [post] var | +| type_tracker.rb:14:5:14:13 | [post] ... = ... | type tracker without call steps | type_tracker.rb:14:5:14:13 | [post] ... = ... | +| type_tracker.rb:14:5:14:13 | __synth__0 | type tracker without call steps | type_tracker.rb:14:5:14:13 | __synth__0 | +| type_tracker.rb:14:5:14:13 | call to field= | type tracker without call steps | type_tracker.rb:14:5:14:13 | call to field= | +| type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps | type_tracker.rb:2:16:2:18 | val | +| type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps | type_tracker.rb:2:16:2:18 | val | +| type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps | type_tracker.rb:14:17:14:23 | "hello" | +| type_tracker.rb:15:5:15:18 | [post] self | type tracker without call steps | type_tracker.rb:15:5:15:18 | [post] self | +| type_tracker.rb:15:5:15:18 | call to puts | type tracker without call steps | type_tracker.rb:12:1:16:3 | return return in m | +| type_tracker.rb:15:5:15:18 | call to puts | type tracker without call steps | type_tracker.rb:15:5:15:18 | call to puts | +| type_tracker.rb:15:5:15:18 | self | type tracker without call steps | type_tracker.rb:15:5:15:18 | self | +| type_tracker.rb:15:10:15:12 | [post] var | type tracker without call steps | type_tracker.rb:15:10:15:12 | [post] var | +| type_tracker.rb:15:10:15:18 | [post] call to field | type tracker without call steps | type_tracker.rb:15:10:15:18 | [post] call to field | +| type_tracker.rb:15:10:15:18 | call to field | type tracker without call steps | type_tracker.rb:15:10:15:18 | call to field | +trackEnd +| type_tracker.rb:2:5:5:7 | &block | type_tracker.rb:2:5:5:7 | &block | +| type_tracker.rb:2:5:5:7 | field= | type_tracker.rb:2:5:5:7 | field= | +| type_tracker.rb:2:5:5:7 | return return in field= | type_tracker.rb:2:5:5:7 | return return in field= | +| type_tracker.rb:2:5:5:7 | return return in field= | type_tracker.rb:14:5:14:13 | call to field= | +| type_tracker.rb:2:5:5:7 | self (field=) | type_tracker.rb:2:5:5:7 | self (field=) | +| type_tracker.rb:2:5:5:7 | self (field=) | type_tracker.rb:7:5:9:7 | self in field | +| type_tracker.rb:2:5:5:7 | self in field= | type_tracker.rb:2:5:5:7 | self in field= | +| type_tracker.rb:2:5:5:7 | self in field= | type_tracker.rb:7:5:9:7 | self in field | +| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:2:5:5:7 | return return in field= | +| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:2:16:2:18 | val | +| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:2:16:2:18 | val | +| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:2:16:2:18 | val | +| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:2:16:2:18 | val | +| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:14:5:14:13 | call to field= | +| type_tracker.rb:3:9:3:23 | [post] self | type_tracker.rb:3:9:3:23 | [post] self | +| type_tracker.rb:3:9:3:23 | [post] self | type_tracker.rb:7:5:9:7 | self in field | +| type_tracker.rb:3:9:3:23 | call to puts | type_tracker.rb:3:9:3:23 | call to puts | +| type_tracker.rb:3:9:3:23 | self | type_tracker.rb:3:9:3:23 | self | +| type_tracker.rb:3:9:3:23 | self | type_tracker.rb:7:5:9:7 | self in field | +| type_tracker.rb:3:14:3:17 | [post] self | type_tracker.rb:3:14:3:17 | [post] self | +| type_tracker.rb:3:14:3:17 | self | type_tracker.rb:3:14:3:17 | self | +| type_tracker.rb:3:14:3:17 | self | type_tracker.rb:7:5:9:7 | self in field | +| type_tracker.rb:3:14:3:23 | [post] call to field | type_tracker.rb:3:14:3:23 | [post] call to field | +| type_tracker.rb:3:14:3:23 | call to field | type_tracker.rb:3:14:3:23 | call to field | +| type_tracker.rb:4:9:4:14 | @field | type_tracker.rb:4:9:4:14 | @field | +| type_tracker.rb:4:18:4:20 | val | type_tracker.rb:2:5:5:7 | return return in field= | +| type_tracker.rb:4:18:4:20 | val | type_tracker.rb:4:18:4:20 | val | +| type_tracker.rb:4:18:4:20 | val | type_tracker.rb:14:5:14:13 | call to field= | +| type_tracker.rb:7:5:9:7 | &block | type_tracker.rb:7:5:9:7 | &block | +| type_tracker.rb:7:5:9:7 | field | type_tracker.rb:7:5:9:7 | field | +| type_tracker.rb:7:5:9:7 | return return in field | type_tracker.rb:3:14:3:23 | call to field | +| type_tracker.rb:7:5:9:7 | return return in field | type_tracker.rb:7:5:9:7 | return return in field | +| type_tracker.rb:7:5:9:7 | return return in field | type_tracker.rb:15:10:15:18 | call to field | +| type_tracker.rb:7:5:9:7 | self in field | type_tracker.rb:7:5:9:7 | self in field | +| type_tracker.rb:8:9:8:14 | @field | type_tracker.rb:3:14:3:23 | call to field | +| type_tracker.rb:8:9:8:14 | @field | type_tracker.rb:7:5:9:7 | return return in field | +| type_tracker.rb:8:9:8:14 | @field | type_tracker.rb:8:9:8:14 | @field | +| type_tracker.rb:8:9:8:14 | @field | type_tracker.rb:15:10:15:18 | call to field | +| type_tracker.rb:12:1:16:3 | &block | type_tracker.rb:12:1:16:3 | &block | +| type_tracker.rb:12:1:16:3 | m | type_tracker.rb:12:1:16:3 | m | +| type_tracker.rb:12:1:16:3 | return return in m | type_tracker.rb:12:1:16:3 | return return in m | +| type_tracker.rb:12:1:16:3 | self (m) | type_tracker.rb:12:1:16:3 | self (m) | +| type_tracker.rb:12:1:16:3 | self in m | type_tracker.rb:12:1:16:3 | self in m | +| type_tracker.rb:13:5:13:7 | var | type_tracker.rb:13:5:13:7 | var | +| type_tracker.rb:13:11:13:19 | Container | type_tracker.rb:13:11:13:19 | Container | +| type_tracker.rb:13:11:13:19 | [post] Container | type_tracker.rb:13:11:13:19 | [post] Container | +| type_tracker.rb:13:11:13:23 | call to new | type_tracker.rb:2:5:5:7 | self in field= | +| type_tracker.rb:13:11:13:23 | call to new | type_tracker.rb:7:5:9:7 | self in field | +| type_tracker.rb:13:11:13:23 | call to new | type_tracker.rb:13:11:13:23 | call to new | +| type_tracker.rb:14:5:14:7 | [post] var | type_tracker.rb:7:5:9:7 | self in field | +| type_tracker.rb:14:5:14:7 | [post] var | type_tracker.rb:14:5:14:7 | [post] var | +| type_tracker.rb:14:5:14:13 | [post] ... = ... | type_tracker.rb:14:5:14:13 | [post] ... = ... | +| type_tracker.rb:14:5:14:13 | __synth__0 | type_tracker.rb:14:5:14:13 | __synth__0 | +| type_tracker.rb:14:5:14:13 | call to field= | type_tracker.rb:14:5:14:13 | call to field= | +| type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:2:16:2:18 | val | +| type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:2:16:2:18 | val | +| type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:14:17:14:23 | "hello" | +| type_tracker.rb:15:5:15:18 | [post] self | type_tracker.rb:15:5:15:18 | [post] self | +| type_tracker.rb:15:5:15:18 | call to puts | type_tracker.rb:12:1:16:3 | return return in m | +| type_tracker.rb:15:5:15:18 | call to puts | type_tracker.rb:15:5:15:18 | call to puts | +| type_tracker.rb:15:5:15:18 | self | type_tracker.rb:15:5:15:18 | self | +| type_tracker.rb:15:10:15:12 | [post] var | type_tracker.rb:15:10:15:12 | [post] var | +| type_tracker.rb:15:10:15:18 | [post] call to field | type_tracker.rb:15:10:15:18 | [post] call to field | +| type_tracker.rb:15:10:15:18 | call to field | type_tracker.rb:15:10:15:18 | call to field | diff --git a/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.ql b/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.ql new file mode 100644 index 00000000000..acd3c516009 --- /dev/null +++ b/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.ql @@ -0,0 +1,18 @@ +import ruby +import codeql.ruby.DataFlow +import codeql.ruby.typetracking.TypeTracker + +class LocalSourceNode extends DataFlow::LocalSourceNode { + LocalSourceNode() { this.getLocation().getFile().getExtension() = "rb" } +} + +query predicate track(LocalSourceNode src, TypeTracker t, LocalSourceNode dst) { + t.start() and + dst = src + or + exists(TypeTracker t2, LocalSourceNode mid | track(src, t2, mid) and dst = mid.track(t2, t)) +} + +query predicate trackEnd(LocalSourceNode src, LocalSourceNode dst) { + track(src, TypeTracker::end(), dst) +} diff --git a/ruby/ql/test/library-tests/dataflow/type-tracker/type_tracker.rb b/ruby/ql/test/library-tests/dataflow/type-tracker/type_tracker.rb new file mode 100644 index 00000000000..aa2de7196a3 --- /dev/null +++ b/ruby/ql/test/library-tests/dataflow/type-tracker/type_tracker.rb @@ -0,0 +1,16 @@ +class Container + def field=(val) + puts self.field + @field = val + end + + def field + @field + end +end + +def m() + var = Container.new + var.field = "hello" + puts var.field +end From 1101b1054dbc3bdf07eba187297009ef495d6e75 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Thu, 4 Nov 2021 14:20:07 +0100 Subject: [PATCH 44/70] Ruby: Make target of `basicStoreStep` a normal data flow node --- .../lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll | 2 +- .../dataflow/type-tracker/TypeTracker.expected | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll index 88cc5920772..4fb5d0bf474 100644 --- a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll +++ b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll @@ -99,7 +99,7 @@ predicate returnStep(Node nodeFrom, Node nodeTo) { * to `z` inside `bar`, even though this content write happens _after_ `bar` is * called. */ -predicate basicStoreStep(Node nodeFrom, DataFlowPublic::LocalSourceNode nodeTo, string content) { +predicate basicStoreStep(Node nodeFrom, Node nodeTo, string content) { // TODO: support SetterMethodCall inside TuplePattern exists(ExprNodes::MethodCallCfgNode call | content = getSetterCallAttributeName(call.getExpr()) and diff --git a/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected b/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected index 5875add51e7..156b23d1b1a 100644 --- a/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected +++ b/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected @@ -55,7 +55,12 @@ track | type_tracker.rb:14:5:14:13 | call to field= | type tracker without call steps | type_tracker.rb:14:5:14:13 | call to field= | | type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps | type_tracker.rb:2:16:2:18 | val | | type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps | type_tracker.rb:2:16:2:18 | val | +| type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps | type_tracker.rb:3:14:3:23 | call to field | +| type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps with content field | type_tracker.rb:2:5:5:7 | self in field= | +| type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps with content field | type_tracker.rb:7:5:9:7 | self in field | | type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps | type_tracker.rb:14:17:14:23 | "hello" | +| type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps | type_tracker.rb:15:10:15:18 | call to field | +| type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps with content field | type_tracker.rb:13:11:13:23 | call to new | | type_tracker.rb:15:5:15:18 | [post] self | type tracker without call steps | type_tracker.rb:15:5:15:18 | [post] self | | type_tracker.rb:15:5:15:18 | call to puts | type tracker without call steps | type_tracker.rb:12:1:16:3 | return return in m | | type_tracker.rb:15:5:15:18 | call to puts | type tracker without call steps | type_tracker.rb:15:5:15:18 | call to puts | @@ -120,7 +125,9 @@ trackEnd | type_tracker.rb:14:5:14:13 | call to field= | type_tracker.rb:14:5:14:13 | call to field= | | type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:2:16:2:18 | val | | type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:2:16:2:18 | val | +| type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:3:14:3:23 | call to field | | type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:14:17:14:23 | "hello" | +| type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:15:10:15:18 | call to field | | type_tracker.rb:15:5:15:18 | [post] self | type_tracker.rb:15:5:15:18 | [post] self | | type_tracker.rb:15:5:15:18 | call to puts | type_tracker.rb:12:1:16:3 | return return in m | | type_tracker.rb:15:5:15:18 | call to puts | type_tracker.rb:15:5:15:18 | call to puts | From 3544c85445caf52449873cf90581e86532dda96c Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Thu, 4 Nov 2021 13:58:03 +0100 Subject: [PATCH 45/70] Ruby: Make the target of `basicStoreStep` the post-update node --- ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll | 2 +- .../library-tests/dataflow/type-tracker/TypeTracker.expected | 5 +---- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll index 4fb5d0bf474..f71fb1bf6f1 100644 --- a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll +++ b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll @@ -103,7 +103,7 @@ predicate basicStoreStep(Node nodeFrom, Node nodeTo, string content) { // TODO: support SetterMethodCall inside TuplePattern exists(ExprNodes::MethodCallCfgNode call | content = getSetterCallAttributeName(call.getExpr()) and - nodeTo.(DataFlowPublic::ExprNode).getExprNode() = call.getReceiver() and + nodeTo.(DataFlowPrivate::PostUpdateNode).getPreUpdateNode().asExpr() = call.getReceiver() and call.getExpr() instanceof AST::SetterMethodCall and call.getArgument(call.getNumberOfArguments() - 1) = nodeFrom.(DataFlowPublic::ExprNode).getExprNode() diff --git a/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected b/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected index 156b23d1b1a..4640f713f07 100644 --- a/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected +++ b/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected @@ -55,12 +55,10 @@ track | type_tracker.rb:14:5:14:13 | call to field= | type tracker without call steps | type_tracker.rb:14:5:14:13 | call to field= | | type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps | type_tracker.rb:2:16:2:18 | val | | type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps | type_tracker.rb:2:16:2:18 | val | -| type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps | type_tracker.rb:3:14:3:23 | call to field | -| type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps with content field | type_tracker.rb:2:5:5:7 | self in field= | | type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps with content field | type_tracker.rb:7:5:9:7 | self in field | | type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps | type_tracker.rb:14:17:14:23 | "hello" | | type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps | type_tracker.rb:15:10:15:18 | call to field | -| type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps with content field | type_tracker.rb:13:11:13:23 | call to new | +| type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps with content field | type_tracker.rb:14:5:14:7 | [post] var | | type_tracker.rb:15:5:15:18 | [post] self | type tracker without call steps | type_tracker.rb:15:5:15:18 | [post] self | | type_tracker.rb:15:5:15:18 | call to puts | type tracker without call steps | type_tracker.rb:12:1:16:3 | return return in m | | type_tracker.rb:15:5:15:18 | call to puts | type tracker without call steps | type_tracker.rb:15:5:15:18 | call to puts | @@ -125,7 +123,6 @@ trackEnd | type_tracker.rb:14:5:14:13 | call to field= | type_tracker.rb:14:5:14:13 | call to field= | | type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:2:16:2:18 | val | | type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:2:16:2:18 | val | -| type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:3:14:3:23 | call to field | | type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:14:17:14:23 | "hello" | | type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:15:10:15:18 | call to field | | type_tracker.rb:15:5:15:18 | [post] self | type_tracker.rb:15:5:15:18 | [post] self | From 5ea93d64474e5acfc0f37e24bb40cc025602c823 Mon Sep 17 00:00:00 2001 From: james Date: Thu, 4 Nov 2021 14:54:30 +0000 Subject: [PATCH 46/70] further imrpovements --- ...nalyzing-databases-with-the-codeql-cli.rst | 22 ++++++++++++------- .../codeql-cli/testing-query-help-files.rst | 2 +- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst b/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst index bc59af7b2fb..0493d1e4985 100644 --- a/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst +++ b/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst @@ -66,7 +66,7 @@ You can also specify: - ``--sarif-add-query-help``: (supported in version 2.7.1 onwards) adds any custom query help written in markdown to SARIF files (v2.1.0 or later) generated by the analysis. Query help stored in ``.qhelp`` files must be converted to ``.md`` before running the analysis. For further information, - see ":doc:`Including query help for custom CodeQL queries in SARIF files `." + see ":ref:`Including query help for custom CodeQL queries in SARIF files `." - .. include:: ../reusables/threads-query-execution.rst @@ -211,15 +211,21 @@ supported by CodeQL. Including query help for custom CodeQL queries in SARIF files ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Code scanning does not process ``.qhelp`` files for custom CodeQL queries, so to show -query help for custom queries in the code scanning UI you must include markdown-rendered query help -in SARIF files generated during an analysis. +If you use the CodeQL CLI to to run code scanning analyses on third party CI/CD systems, +you can include the query help for your custom queries in SARIF files generated during an analysis. +After uploading the SARIF file to GitHub, the query help is shown in the code scanning UI for any +alerts generated by the custom queries. -For CodeQL CLI 2.7.1 onwards, you can include markdown-rendered query help in SARIF files +From CodeQL CLI 2.7.1 onwards, you can include markdown-rendered query help in SARIF files by providing the ``--sarif-add-query-help`` option when running -``codeql database analyze``. Query help written in ``.qhelp`` files cannot be include in SARIF files, -so must be converted to markdown before running the analysis. For more information, see -":ref:`Testing query help files `." +``codeql database analyze``. + +You can write query help for custom queries directly in markdown file and save it alongside the +corresponding query. Alternatively, for consistency with the standard CodeQL queries, +you can write query help in the ``.qhelp`` format and convert it to markdown before +running the analysis. Query help written in ``.qhelp`` files can't be included in SARIF files, +and they can't be processed by code scanning. For more information, see +":doc:`Testing query help files `." Results ------- diff --git a/docs/codeql/codeql-cli/testing-query-help-files.rst b/docs/codeql/codeql-cli/testing-query-help-files.rst index 0aafed4f8e7..26cea264043 100644 --- a/docs/codeql/codeql-cli/testing-query-help-files.rst +++ b/docs/codeql/codeql-cli/testing-query-help-files.rst @@ -15,7 +15,7 @@ in the CodeQL repository. The CodeQL CLI includes a command to test query help and render the content as markdown, so that you can easily preview the content in your IDE. Use the command to validate query help files before uploading them to the CodeQL repository or sharing them with other users. -For CodeQL CLI 2.7.1 onwards, you can also include the markdown-rendered query help in SARIF files +From CodeQL CLI 2.7.1 onwards, you can also include the markdown-rendered query help in SARIF files generated during CodeQL analyses so that the query help can be displayed in the code scanning UI. For more information, see ":ref:`Analyzing databases with the CodeQL CLI `." From 624b79498006eede9fa6dc2b7985335714c46212 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Thu, 4 Nov 2021 16:38:35 +0100 Subject: [PATCH 47/70] Python: separate taint sources in `with` --- .../defaultAdditionalTaintStep/test_syntax.py | 31 ++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_syntax.py b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_syntax.py index 1811c8c1e05..a605fa8f343 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_syntax.py +++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_syntax.py @@ -12,7 +12,7 @@ if TYPE_CHECKING: class Context: def __enter__(self): - return TAINTED_STRING + return "" def __exit__(self, exc_type, exc, tb): pass @@ -23,6 +23,33 @@ def test_with(): with ctx as tainted: ensure_tainted(tainted) # $ tainted +class Context_taint: + def __enter__(self): + return TAINTED_STRING + + def __exit__(self, exc_type, exc, tb): + pass + +def test_with_taint(): + ctx = Context_taint() + with ctx as tainted: + ensure_tainted(tainted) # $ MISSING: tainted + + +class Context_arg: + def __init__(self, arg): + self.arg = arg + + def __enter__(self): + return self.arg + + def __exit__(self, exc_type, exc, tb): + pass + +def test_with_arg(): + ctx = Context_arg(TAINTED_STRING) + with ctx as tainted: + ensure_tainted(tainted) # $ tainted class Iter: def __iter__(self): @@ -42,4 +69,6 @@ def test_for(): # Make tests runable test_with() +test_with_taint() +test_with_arg() test_for() From 8e496f7121cb29efd873c821962e08db1064762a Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 8 Nov 2021 10:46:54 +0000 Subject: [PATCH 48/70] C++: Pull in the latest changes to 'SsaImplCommon'. --- .../ir/dataflow/internal/SsaImplCommon.qll | 34 +++++++++---------- 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll index 395cb5cb171..eae5d23f544 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll @@ -141,25 +141,23 @@ private module Liveness { private import Liveness -/** Holds if `bb1` strictly dominates `bb2`. */ -private predicate strictlyDominates(BasicBlock bb1, BasicBlock bb2) { - bb1 = getImmediateBasicBlockDominator+(bb2) -} - -/** Holds if `bb1` dominates a predecessor of `bb2`. */ -private predicate dominatesPredecessor(BasicBlock bb1, BasicBlock bb2) { - exists(BasicBlock pred | pred = getABasicBlockPredecessor(bb2) | - bb1 = pred - or - strictlyDominates(bb1, pred) - ) -} - -/** Holds if `df` is in the dominance frontier of `bb`. */ -pragma[noinline] +/** + * Holds if `df` is in the dominance frontier of `bb`. + * + * This is equivalent to: + * + * ```ql + * bb = getImmediateBasicBlockDominator*(getABasicBlockPredecessor(df)) and + * not bb = getImmediateBasicBlockDominator+(df) + * ``` + */ private predicate inDominanceFrontier(BasicBlock bb, BasicBlock df) { - dominatesPredecessor(bb, df) and - not strictlyDominates(bb, df) + bb = getABasicBlockPredecessor(df) and not bb = getImmediateBasicBlockDominator(df) + or + exists(BasicBlock prev | inDominanceFrontier(prev, df) | + bb = getImmediateBasicBlockDominator(prev) and + not bb = getImmediateBasicBlockDominator(df) + ) } /** From c94bfc306a044e627827ec6c18d9141c9c7a326e Mon Sep 17 00:00:00 2001 From: james Date: Mon, 8 Nov 2021 11:18:41 +0000 Subject: [PATCH 49/70] improve links --- .../analyzing-databases-with-the-codeql-cli.rst | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst b/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst index 0493d1e4985..8b8b8dabf47 100644 --- a/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst +++ b/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst @@ -219,13 +219,16 @@ alerts generated by the custom queries. From CodeQL CLI 2.7.1 onwards, you can include markdown-rendered query help in SARIF files by providing the ``--sarif-add-query-help`` option when running ``codeql database analyze``. +For more information, see `Configuring CodeQL CLI in your CI system ` +in the GitHub documentation. -You can write query help for custom queries directly in markdown file and save it alongside the +You can write query help for custom queries directly in a markdown file and save it alongside the corresponding query. Alternatively, for consistency with the standard CodeQL queries, -you can write query help in the ``.qhelp`` format and convert it to markdown before -running the analysis. Query help written in ``.qhelp`` files can't be included in SARIF files, -and they can't be processed by code scanning. For more information, see -":doc:`Testing query help files `." +you can write query help in the ``.qhelp`` format. Query help written in ``.qhelp`` +files can't be included in SARIF files, and they can't be processed by code +scanning so must be converted to markdown before running +the analysis. For more information, see ":doc:`Query help files `" +and ":doc:`Testing query help files `." Results ------- From dfe77f844f68cacdb75db4249074a20fed120e6a Mon Sep 17 00:00:00 2001 From: james Date: Mon, 8 Nov 2021 11:59:53 +0000 Subject: [PATCH 50/70] fix errors in debugging-data-flow-queries-using-partial-flow.rst --- .../debugging-data-flow-queries-using-partial-flow.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/codeql/writing-codeql-queries/debugging-data-flow-queries-using-partial-flow.rst b/docs/codeql/writing-codeql-queries/debugging-data-flow-queries-using-partial-flow.rst index 05a12ad98ee..e3587550e7f 100644 --- a/docs/codeql/writing-codeql-queries/debugging-data-flow-queries-using-partial-flow.rst +++ b/docs/codeql/writing-codeql-queries/debugging-data-flow-queries-using-partial-flow.rst @@ -10,7 +10,6 @@ A typical data-flow query looks like this: .. code-block:: ql -:: class MyConfig extends TaintTracking::Configuration { MyConfig() { this = "MyConfig" } @@ -79,7 +78,8 @@ To avoid these problems, a data-flow ``Configuration`` comes with a mechanism fo */ final predicate hasPartialFlow(PartialPathNode source, PartialPathNode node, int dist) { -As noted in the documentation for ``hasPartialFlow`` (for example, in the `CodeQL for Java documentation __`) you must first enable this by adding an override of ``explorationLimit``. For example: +As noted in the documentation for ``hasPartialFlow`` (for example, in the +`CodeQL for Java documentation `__) you must first enable this by adding an override of ``explorationLimit``. For example: .. code-block:: ql From 96ff2f5125571ea28988c55b902499e178a91d87 Mon Sep 17 00:00:00 2001 From: james Date: Mon, 8 Nov 2021 12:06:20 +0000 Subject: [PATCH 51/70] use correct type of link --- .../codeql-cli/analyzing-databases-with-the-codeql-cli.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst b/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst index 8b8b8dabf47..c180d9b5a9d 100644 --- a/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst +++ b/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst @@ -227,7 +227,7 @@ corresponding query. Alternatively, for consistency with the standard CodeQL que you can write query help in the ``.qhelp`` format. Query help written in ``.qhelp`` files can't be included in SARIF files, and they can't be processed by code scanning so must be converted to markdown before running -the analysis. For more information, see ":doc:`Query help files `" +the analysis. For more information, see ":ref:`Query help files `" and ":doc:`Testing query help files `." Results From 2581efc18aac38d563b94da32da2173ba03f29d0 Mon Sep 17 00:00:00 2001 From: Alex Ford Date: Mon, 8 Nov 2021 12:32:38 +0000 Subject: [PATCH 52/70] ruby: downgrade rb/hardcoded-credentials precision from high to medium --- ruby/change-notes/2021-11-08-hardcoded-credentials-downgrade.md | 2 ++ ruby/ql/src/queries/security/cwe-798/HardcodedCredentials.ql | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 ruby/change-notes/2021-11-08-hardcoded-credentials-downgrade.md diff --git a/ruby/change-notes/2021-11-08-hardcoded-credentials-downgrade.md b/ruby/change-notes/2021-11-08-hardcoded-credentials-downgrade.md new file mode 100644 index 00000000000..47b1dfe6157 --- /dev/null +++ b/ruby/change-notes/2021-11-08-hardcoded-credentials-downgrade.md @@ -0,0 +1,2 @@ +lgtm,codescanning +* The precision of "Hard-coded credentials" (`rb/hardcoded-credentials`) has been decreased from "high" to "medium". This query will no longer be run and displayed by default on Code Scanning and LGTM. diff --git a/ruby/ql/src/queries/security/cwe-798/HardcodedCredentials.ql b/ruby/ql/src/queries/security/cwe-798/HardcodedCredentials.ql index c887793031d..0f7fd35f7f7 100644 --- a/ruby/ql/src/queries/security/cwe-798/HardcodedCredentials.ql +++ b/ruby/ql/src/queries/security/cwe-798/HardcodedCredentials.ql @@ -4,7 +4,7 @@ * @kind path-problem * @problem.severity error * @security-severity 9.8 - * @precision high + * @precision medium * @id rb/hardcoded-credentials * @tags security * external/cwe/cwe-259 From 3f4c2ba24e1df33329d0d7e22bda52c619af0a90 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Mon, 8 Nov 2021 14:08:11 +0100 Subject: [PATCH 53/70] Python: Support debugging inline taint tests The module `Conf` is created so that it can be imported without importing the query predicates from the same file. --- .../experimental/meta/InlineTaintTest.qll | 42 ++++++++++--------- .../meta/debug/InlineTaintTestPaths.expected | 4 ++ .../meta/debug/InlineTaintTestPaths.ql | 25 +++++++++++ 3 files changed, 52 insertions(+), 19 deletions(-) create mode 100644 python/ql/test/experimental/meta/debug/InlineTaintTestPaths.expected create mode 100644 python/ql/test/experimental/meta/debug/InlineTaintTestPaths.ql diff --git a/python/ql/test/experimental/meta/InlineTaintTest.qll b/python/ql/test/experimental/meta/InlineTaintTest.qll index 469949a24db..8440223c253 100644 --- a/python/ql/test/experimental/meta/InlineTaintTest.qll +++ b/python/ql/test/experimental/meta/InlineTaintTest.qll @@ -30,30 +30,34 @@ DataFlow::Node shouldNotBeTainted() { ) } -class TestTaintTrackingConfiguration extends TaintTracking::Configuration { - TestTaintTrackingConfiguration() { this = "TestTaintTrackingConfiguration" } +module Conf { + class TestTaintTrackingConfiguration extends TaintTracking::Configuration { + TestTaintTrackingConfiguration() { this = "TestTaintTrackingConfiguration" } - override predicate isSource(DataFlow::Node source) { - source.asCfgNode().(NameNode).getId() in [ - "TAINTED_STRING", "TAINTED_BYTES", "TAINTED_LIST", "TAINTED_DICT" - ] - or - // User defined sources - exists(CallNode call | - call.getFunction().(NameNode).getId() = "taint" and - source.(DataFlow::CfgNode).getNode() = call.getAnArg() - ) - or - source instanceof RemoteFlowSource - } + override predicate isSource(DataFlow::Node source) { + source.asCfgNode().(NameNode).getId() in [ + "TAINTED_STRING", "TAINTED_BYTES", "TAINTED_LIST", "TAINTED_DICT" + ] + or + // User defined sources + exists(CallNode call | + call.getFunction().(NameNode).getId() = "taint" and + source.(DataFlow::CfgNode).getNode() = call.getAnArg() + ) + or + source instanceof RemoteFlowSource + } - override predicate isSink(DataFlow::Node sink) { - sink = shouldBeTainted() - or - sink = shouldNotBeTainted() + override predicate isSink(DataFlow::Node sink) { + sink = shouldBeTainted() + or + sink = shouldNotBeTainted() + } } } +import Conf + class InlineTaintTest extends InlineExpectationsTest { InlineTaintTest() { this = "InlineTaintTest" } diff --git a/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.expected b/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.expected new file mode 100644 index 00000000000..e217064d1df --- /dev/null +++ b/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.expected @@ -0,0 +1,4 @@ +edges +nodes +subpaths +#select diff --git a/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.ql b/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.ql new file mode 100644 index 00000000000..ee4d3d774fa --- /dev/null +++ b/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.ql @@ -0,0 +1,25 @@ +/** + * @kind path-problem + */ + +// This query is for debugging InlineTaintTestFailures. +// The intended usage is +// 1. load the database of the failing test +// 2. run this query to see actual paths +// 3. if necessary, look at partial paths by (un)commenting appropriate lines +import python +import semmle.python.dataflow.new.DataFlow +import experimental.meta.InlineTaintTest::Conf +// import DataFlow::PartialPathGraph +import DataFlow::PathGraph + +class Conf extends TestTaintTrackingConfiguration { + override int explorationLimit() { result = 5 } +} + +// from Conf config, DataFlow::PartialPathNode source, DataFlow::PartialPathNode sink +// where config.hasPartialFlow(source, sink, _) +from Conf config, DataFlow::PathNode source, DataFlow::PathNode sink +where config.hasFlowPath(source, sink) +select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(), + "this source" From b3e64f1669eb6ea03b208fe2eb8d9b276e6b70f2 Mon Sep 17 00:00:00 2001 From: Asger Feldthaus Date: Mon, 8 Nov 2021 15:32:43 +0100 Subject: [PATCH 54/70] JS: Add test --- .../Security/CWE-022/TaintedPath/Consistency.expected | 1 + .../Security/CWE-022/TaintedPath/TaintedPath.expected | 8 ++++++++ .../Security/CWE-022/TaintedPath/normalizedPaths.js | 3 +++ 3 files changed, 12 insertions(+) diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.expected index e69de29bb2d..e2f9460f421 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.expected @@ -0,0 +1 @@ +| query-tests/Security/CWE-022/TaintedPath/normalizedPaths.js:402 | did not expect an alert, but found an alert for TaintedPath | OK | | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index 3c839e9c260..6867c2db7bb 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected @@ -2129,6 +2129,9 @@ nodes | normalizedPaths.js:399:21:399:24 | path | | normalizedPaths.js:399:21:399:24 | path | | normalizedPaths.js:399:21:399:24 | path | +| normalizedPaths.js:402:21:402:24 | path | +| normalizedPaths.js:402:21:402:24 | path | +| normalizedPaths.js:402:21:402:24 | path | | other-fs-libraries.js:9:7:9:48 | path | | other-fs-libraries.js:9:7:9:48 | path | | other-fs-libraries.js:9:7:9:48 | path | @@ -7019,6 +7022,10 @@ edges | normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | | normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | | normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | +| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:402:21:402:24 | path | +| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:402:21:402:24 | path | +| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:402:21:402:24 | path | +| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:402:21:402:24 | path | | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | normalizedPaths.js:385:7:385:46 | path | | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | normalizedPaths.js:385:7:385:46 | path | | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | @@ -9699,6 +9706,7 @@ edges | normalizedPaths.js:381:19:381:29 | slash(path) | normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:381:19:381:29 | slash(path) | This path depends on $@. | normalizedPaths.js:377:14:377:27 | req.query.path | a user-provided value | | normalizedPaths.js:388:19:388:22 | path | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:388:19:388:22 | path | This path depends on $@. | normalizedPaths.js:385:35:385:45 | req.query.x | a user-provided value | | normalizedPaths.js:399:21:399:24 | path | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:399:21:399:24 | path | This path depends on $@. | normalizedPaths.js:385:35:385:45 | req.query.x | a user-provided value | +| normalizedPaths.js:402:21:402:24 | path | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:402:21:402:24 | path | This path depends on $@. | normalizedPaths.js:385:35:385:45 | req.query.x | a user-provided value | | other-fs-libraries.js:11:19:11:22 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:11:19:11:22 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value | | other-fs-libraries.js:12:27:12:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:12:27:12:30 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value | | other-fs-libraries.js:13:24:13:27 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:13:24:13:27 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/normalizedPaths.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/normalizedPaths.js index 9d1382e4fba..f5caae46c45 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/normalizedPaths.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/normalizedPaths.js @@ -398,4 +398,7 @@ app.get('/dotdot-regexp', (req, res) => { if (!path.match(/\.\.\/foo/)) { fs.readFileSync(path); // NOT OK } + if (!path.match(/(\.\.\/|\.\.\\)/)) { + fs.readFileSync(path); // OK + } }); From f14f9449ee3899be6bedecc5a9afba1ed39d736c Mon Sep 17 00:00:00 2001 From: Asger Feldthaus Date: Mon, 8 Nov 2021 15:35:35 +0100 Subject: [PATCH 55/70] JS: Use getAMatchedString instead of getConstantString --- .../security/dataflow/TaintedPathCustomizations.qll | 2 +- .../Security/CWE-022/TaintedPath/Consistency.expected | 1 - .../Security/CWE-022/TaintedPath/TaintedPath.expected | 8 -------- 3 files changed, 1 insertion(+), 10 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll index 5485dbd39e4..3faee47f867 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll @@ -459,7 +459,7 @@ module TaintedPath { * An expression of form `x.matches(/\.\./)` or similar. */ class ContainsDotDotRegExpSanitizer extends BarrierGuardNode instanceof StringOps::RegExpTest { - ContainsDotDotRegExpSanitizer() { super.getRegExp().getConstantValue() = [".", "..", "../"] } + ContainsDotDotRegExpSanitizer() { super.getRegExp().getAMatchedString() = [".", "..", "../"] } override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = super.getStringOperand().asExpr() and diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.expected index e2f9460f421..e69de29bb2d 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.expected @@ -1 +0,0 @@ -| query-tests/Security/CWE-022/TaintedPath/normalizedPaths.js:402 | did not expect an alert, but found an alert for TaintedPath | OK | | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index 6867c2db7bb..3c839e9c260 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected @@ -2129,9 +2129,6 @@ nodes | normalizedPaths.js:399:21:399:24 | path | | normalizedPaths.js:399:21:399:24 | path | | normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:402:21:402:24 | path | -| normalizedPaths.js:402:21:402:24 | path | -| normalizedPaths.js:402:21:402:24 | path | | other-fs-libraries.js:9:7:9:48 | path | | other-fs-libraries.js:9:7:9:48 | path | | other-fs-libraries.js:9:7:9:48 | path | @@ -7022,10 +7019,6 @@ edges | normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | | normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | | normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:402:21:402:24 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:402:21:402:24 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:402:21:402:24 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:402:21:402:24 | path | | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | normalizedPaths.js:385:7:385:46 | path | | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | normalizedPaths.js:385:7:385:46 | path | | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | @@ -9706,7 +9699,6 @@ edges | normalizedPaths.js:381:19:381:29 | slash(path) | normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:381:19:381:29 | slash(path) | This path depends on $@. | normalizedPaths.js:377:14:377:27 | req.query.path | a user-provided value | | normalizedPaths.js:388:19:388:22 | path | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:388:19:388:22 | path | This path depends on $@. | normalizedPaths.js:385:35:385:45 | req.query.x | a user-provided value | | normalizedPaths.js:399:21:399:24 | path | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:399:21:399:24 | path | This path depends on $@. | normalizedPaths.js:385:35:385:45 | req.query.x | a user-provided value | -| normalizedPaths.js:402:21:402:24 | path | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:402:21:402:24 | path | This path depends on $@. | normalizedPaths.js:385:35:385:45 | req.query.x | a user-provided value | | other-fs-libraries.js:11:19:11:22 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:11:19:11:22 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value | | other-fs-libraries.js:12:27:12:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:12:27:12:30 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value | | other-fs-libraries.js:13:24:13:27 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:13:24:13:27 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value | From 0c6680b2c02dd65ec1e3021c4c8cef7172648632 Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 9 Nov 2021 09:07:54 +0000 Subject: [PATCH 56/70] Revert "JS: Skip files with unsupported file encoding" --- .../src/com/semmle/js/extractor/FileExtractor.java | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/javascript/extractor/src/com/semmle/js/extractor/FileExtractor.java b/javascript/extractor/src/com/semmle/js/extractor/FileExtractor.java index 62ee175f4a1..1e9b7d6ad84 100644 --- a/javascript/extractor/src/com/semmle/js/extractor/FileExtractor.java +++ b/javascript/extractor/src/com/semmle/js/extractor/FileExtractor.java @@ -5,7 +5,7 @@ import java.io.File; import java.io.FileInputStream; import java.io.FileReader; import java.io.IOException; -import java.nio.charset.CharacterCodingException; +import java.nio.charset.Charset; import java.nio.charset.StandardCharsets; import java.nio.file.Path; import java.util.LinkedHashSet; @@ -17,7 +17,6 @@ import com.semmle.js.extractor.trapcache.CachingTrapWriter; import com.semmle.js.extractor.trapcache.ITrapCache; import com.semmle.util.data.StringUtil; import com.semmle.util.exception.Exceptions; -import com.semmle.util.exception.ResourceError; import com.semmle.util.extraction.ExtractorOutputConfig; import com.semmle.util.files.FileUtil; import com.semmle.util.io.WholeIO; @@ -439,16 +438,7 @@ public class FileExtractor { } // populate source archive - WholeIO wholeIO = new WholeIO(config.getDefaultEncoding(), true); - String source = wholeIO.read(f); - if (source == null) { - if (wholeIO.getLastException() instanceof CharacterCodingException) { - System.err.println("Skipped due to unsupported character encoding: " + f); - return 0; - } else { - throw new ResourceError("Failed to read file " + f, wholeIO.getLastException()); - } - } + String source = new WholeIO(config.getDefaultEncoding()).strictread(f); outputConfig.getSourceArchive().add(f, source); // extract language-independent bits From cb8f1b4593175bd4eb0f4bf962fbdaf61942e3d0 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Tue, 9 Nov 2021 11:49:31 +0100 Subject: [PATCH 57/70] Python: Add tests for aiopg --- .../frameworks/aiopg/ConceptsTest.expected | 0 .../frameworks/aiopg/ConceptsTest.ql | 2 ++ .../library-tests/frameworks/aiopg/test.py | 19 +++++++++++++++++++ 3 files changed, 21 insertions(+) create mode 100644 python/ql/test/library-tests/frameworks/aiopg/ConceptsTest.expected create mode 100644 python/ql/test/library-tests/frameworks/aiopg/ConceptsTest.ql create mode 100644 python/ql/test/library-tests/frameworks/aiopg/test.py diff --git a/python/ql/test/library-tests/frameworks/aiopg/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/aiopg/ConceptsTest.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/python/ql/test/library-tests/frameworks/aiopg/ConceptsTest.ql b/python/ql/test/library-tests/frameworks/aiopg/ConceptsTest.ql new file mode 100644 index 00000000000..b557a0bccb6 --- /dev/null +++ b/python/ql/test/library-tests/frameworks/aiopg/ConceptsTest.ql @@ -0,0 +1,2 @@ +import python +import experimental.meta.ConceptsTest diff --git a/python/ql/test/library-tests/frameworks/aiopg/test.py b/python/ql/test/library-tests/frameworks/aiopg/test.py new file mode 100644 index 00000000000..e95eb12bc8f --- /dev/null +++ b/python/ql/test/library-tests/frameworks/aiopg/test.py @@ -0,0 +1,19 @@ +import aiopg + +# Only a cursor can execute sql. +async def test_cursor(): + # Create connection directly + conn = await aiopg.connect() + cur = await conn.cursor() + await cur.execute("sql") # $ MISSING: getSql="sql" + + # Create connection via pool + async with aiopg.create_pool() as pool: + # Create Cursor via Connection + async with pool.acquire() as conn: + cur = await conn.cursor() + await cur.execute("sql") # $ MISSING: getSql="sql" + + # Create Cursor directly + async with pool.cursor() as cur: + await cur.execute("sql") # $ MISSING: getSql="sql" From cd332a75fc1916986855c3cd8870464d1228dd7e Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Tue, 9 Nov 2021 12:32:21 +0100 Subject: [PATCH 58/70] Python: model aiopg --- docs/codeql/support/reusables/frameworks.rst | 1 + python/ql/lib/semmle/python/Frameworks.qll | 1 + .../ql/lib/semmle/python/frameworks/Aiopg.qll | 74 +++++++++++++++++++ .../library-tests/frameworks/aiopg/test.py | 6 +- 4 files changed, 79 insertions(+), 3 deletions(-) create mode 100644 python/ql/lib/semmle/python/frameworks/Aiopg.qll diff --git a/docs/codeql/support/reusables/frameworks.rst b/docs/codeql/support/reusables/frameworks.rst index b186c08c5d6..52e96f9af0c 100644 --- a/docs/codeql/support/reusables/frameworks.rst +++ b/docs/codeql/support/reusables/frameworks.rst @@ -183,6 +183,7 @@ Python built-in support pydantic, Utility library yarl, Utility library aioch, Database + aiopg, Database asyncpg, Database clickhouse-driver, Database mysql-connector-python, Database diff --git a/python/ql/lib/semmle/python/Frameworks.qll b/python/ql/lib/semmle/python/Frameworks.qll index 932d2279a5a..b0587f9d430 100644 --- a/python/ql/lib/semmle/python/Frameworks.qll +++ b/python/ql/lib/semmle/python/Frameworks.qll @@ -6,6 +6,7 @@ // `docs/codeql/support/reusables/frameworks.rst` private import semmle.python.frameworks.Aioch private import semmle.python.frameworks.Aiohttp +private import semmle.python.frameworks.Aiopg private import semmle.python.frameworks.Asyncpg private import semmle.python.frameworks.ClickhouseDriver private import semmle.python.frameworks.Cryptodome diff --git a/python/ql/lib/semmle/python/frameworks/Aiopg.qll b/python/ql/lib/semmle/python/frameworks/Aiopg.qll new file mode 100644 index 00000000000..49eeb0d1d1f --- /dev/null +++ b/python/ql/lib/semmle/python/frameworks/Aiopg.qll @@ -0,0 +1,74 @@ +/** + * Provides classes modeling security-relevant aspects of the `aiopg` PyPI package. + * See + * - https://aiopg.readthedocs.io/en/stable/index.html + * - https://pypi.org/project/aiopg/ + */ + +private import python +private import semmle.python.dataflow.new.DataFlow +private import semmle.python.Concepts +private import semmle.python.ApiGraphs + +/** Provides models for the `aiopg` PyPI package. */ +private module Aiopg { + private import semmle.python.internal.Awaited + + /** A `ConectionPool` is created when the result of `aiopg.create_pool()` is awaited. */ + API::Node connectionPool() { + result = API::moduleImport("aiopg").getMember("create_pool").getReturn().getAwaited() + } + + /** + * A `Connection` is created when + * - the result of `aiopg.connect()` is awaited. + * - the result of calling `aquire` on a `ConnectionPool` is awaited. + */ + API::Node connection() { + result = API::moduleImport("aiopg").getMember("connect").getReturn().getAwaited() + or + result = connectionPool().getMember("acquire").getReturn().getAwaited() + } + + /** + * A `Cursor` is created when + * - the result of calling `cursor` on a `ConnectionPool` is awaited. + * - the result of calling `cursor` on a `Connection` is awaited. + */ + API::Node cursor() { + result = connectionPool().getMember("cursor").getReturn().getAwaited() + or + result = connection().getMember("cursor").getReturn().getAwaited() + } + + class CursorExecuteCall extends SqlConstruction::Range, DataFlow::CallCfgNode { + CursorExecuteCall() { this = cursor().getMember("execute").getACall() } + + override DataFlow::Node getSql() { result in [this.getArg(0), this.getArgByName("operation")] } + } + + /** + * This is only needed to connect the argument to the execute call with the subsequnt awaiting. + * It should be obsolete once we have `API::CallNode` available. + */ + private DataFlow::TypeTrackingNode cursorExecuteCall(DataFlow::TypeTracker t, DataFlow::Node sql) { + // cursor created from connection + t.start() and + sql = result.(CursorExecuteCall).getSql() + or + exists(DataFlow::TypeTracker t2 | result = cursorExecuteCall(t2, sql).track(t2, t)) + } + + DataFlow::Node cursorExecuteCall(DataFlow::Node sql) { + cursorExecuteCall(DataFlow::TypeTracker::end(), sql).flowsTo(result) + } + + /** Awaiting the result of calling `execute` executes the query. */ + class AwaitedCursorExecuteCall extends SqlExecution::Range { + DataFlow::Node sql; + + AwaitedCursorExecuteCall() { this = awaited(cursorExecuteCall(sql)) } + + override DataFlow::Node getSql() { result = sql } + } +} diff --git a/python/ql/test/library-tests/frameworks/aiopg/test.py b/python/ql/test/library-tests/frameworks/aiopg/test.py index e95eb12bc8f..23129e7f503 100644 --- a/python/ql/test/library-tests/frameworks/aiopg/test.py +++ b/python/ql/test/library-tests/frameworks/aiopg/test.py @@ -5,15 +5,15 @@ async def test_cursor(): # Create connection directly conn = await aiopg.connect() cur = await conn.cursor() - await cur.execute("sql") # $ MISSING: getSql="sql" + await cur.execute("sql") # $ getSql="sql" constructedSql="sql" # Create connection via pool async with aiopg.create_pool() as pool: # Create Cursor via Connection async with pool.acquire() as conn: cur = await conn.cursor() - await cur.execute("sql") # $ MISSING: getSql="sql" + await cur.execute("sql") # $ getSql="sql" constructedSql="sql" # Create Cursor directly async with pool.cursor() as cur: - await cur.execute("sql") # $ MISSING: getSql="sql" + await cur.execute("sql") # $ getSql="sql" constructedSql="sql" From f53314019ac0893c47daeffe1ec2f96692c6c6e4 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Tue, 9 Nov 2021 12:42:03 +0100 Subject: [PATCH 59/70] Python: test `aiopg.sa` --- python/ql/test/library-tests/frameworks/aiopg/test.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/python/ql/test/library-tests/frameworks/aiopg/test.py b/python/ql/test/library-tests/frameworks/aiopg/test.py index 23129e7f503..f27e12b3f3b 100644 --- a/python/ql/test/library-tests/frameworks/aiopg/test.py +++ b/python/ql/test/library-tests/frameworks/aiopg/test.py @@ -17,3 +17,10 @@ async def test_cursor(): # Create Cursor directly async with pool.cursor() as cur: await cur.execute("sql") # $ getSql="sql" constructedSql="sql" + +from aiopg.sa import create_engine + +async def test_engine(): + engine = await create_engine() + conn = await engine.acquire() + await conn.execute("sql") # $ MISSING: getSql="sql" constructedSql="sql" From a58c47b07bf24a0fe7895822ea9acbee70a04a13 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Tue, 9 Nov 2021 12:49:57 +0100 Subject: [PATCH 60/70] Python: model `aiopg.sa` --- .../ql/lib/semmle/python/frameworks/Aiopg.qll | 46 +++++++++++++++++++ .../library-tests/frameworks/aiopg/test.py | 2 +- 2 files changed, 47 insertions(+), 1 deletion(-) diff --git a/python/ql/lib/semmle/python/frameworks/Aiopg.qll b/python/ql/lib/semmle/python/frameworks/Aiopg.qll index 49eeb0d1d1f..6ae5b5a05e8 100644 --- a/python/ql/lib/semmle/python/frameworks/Aiopg.qll +++ b/python/ql/lib/semmle/python/frameworks/Aiopg.qll @@ -41,6 +41,7 @@ private module Aiopg { result = connection().getMember("cursor").getReturn().getAwaited() } + /** Calling `execute` on a `Cursor` constructs a query. */ class CursorExecuteCall extends SqlConstruction::Range, DataFlow::CallCfgNode { CursorExecuteCall() { this = cursor().getMember("execute").getACall() } @@ -71,4 +72,49 @@ private module Aiopg { override DataFlow::Node getSql() { result = sql } } + + /** An `Engine` is created when the result of calling `aiopg.sa.create_engine` is awaited. */ + API::Node engine() { + result = + API::moduleImport("aiopg").getMember("sa").getMember("create_engine").getReturn().getAwaited() + } + + /** + * A `SAConnection` is created when the result of calling `aquire` on an `Engine` is awaited. + */ + API::Node saConnection() { result = engine().getMember("acquire").getReturn().getAwaited() } + + /** Calling `execute` on a `SAConnection` constructs a query. */ + class SAConnectionExecuteCall extends SqlConstruction::Range, DataFlow::CallCfgNode { + SAConnectionExecuteCall() { this = saConnection().getMember("execute").getACall() } + + override DataFlow::Node getSql() { result in [this.getArg(0), this.getArgByName("query")] } + } + + /** + * This is only needed to connect the argument to the execute call with the subsequnt awaiting. + * It should be obsolete once we have `API::CallNode` available. + */ + private DataFlow::TypeTrackingNode saConnectionExecuteCall( + DataFlow::TypeTracker t, DataFlow::Node sql + ) { + // saConnection created from engine + t.start() and + sql = result.(SAConnectionExecuteCall).getSql() + or + exists(DataFlow::TypeTracker t2 | result = saConnectionExecuteCall(t2, sql).track(t2, t)) + } + + DataFlow::Node saConnectionExecuteCall(DataFlow::Node sql) { + saConnectionExecuteCall(DataFlow::TypeTracker::end(), sql).flowsTo(result) + } + + /** Awaiting the result of calling `execute` executes the query. */ + class AwaitedSAConnectionExecuteCall extends SqlExecution::Range { + DataFlow::Node sql; + + AwaitedSAConnectionExecuteCall() { this = awaited(saConnectionExecuteCall(sql)) } + + override DataFlow::Node getSql() { result = sql } + } } diff --git a/python/ql/test/library-tests/frameworks/aiopg/test.py b/python/ql/test/library-tests/frameworks/aiopg/test.py index f27e12b3f3b..d04d63e257e 100644 --- a/python/ql/test/library-tests/frameworks/aiopg/test.py +++ b/python/ql/test/library-tests/frameworks/aiopg/test.py @@ -23,4 +23,4 @@ from aiopg.sa import create_engine async def test_engine(): engine = await create_engine() conn = await engine.acquire() - await conn.execute("sql") # $ MISSING: getSql="sql" constructedSql="sql" + await conn.execute("sql") # $ getSql="sql" constructedSql="sql" From aa1541a5c3809e12f37188e62b5300ff792cac42 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Tue, 9 Nov 2021 12:57:36 +0100 Subject: [PATCH 61/70] Python: add changenote --- python/change-notes/2021-11-09-model-aiopg.md | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 python/change-notes/2021-11-09-model-aiopg.md diff --git a/python/change-notes/2021-11-09-model-aiopg.md b/python/change-notes/2021-11-09-model-aiopg.md new file mode 100644 index 00000000000..7bf78a8de01 --- /dev/null +++ b/python/change-notes/2021-11-09-model-aiopg.md @@ -0,0 +1,2 @@ +lgtm,codescanning +* Added modeling of `aiopg` for sinks executing SQL. From 5f4aad40c17260fd6af8edd7bd623c460f82139e Mon Sep 17 00:00:00 2001 From: yoff Date: Tue, 9 Nov 2021 13:00:35 +0100 Subject: [PATCH 62/70] Update python/ql/test/experimental/meta/InlineTaintTest.qll Co-authored-by: Rasmus Wriedt Larsen --- python/ql/test/experimental/meta/InlineTaintTest.qll | 2 ++ 1 file changed, 2 insertions(+) diff --git a/python/ql/test/experimental/meta/InlineTaintTest.qll b/python/ql/test/experimental/meta/InlineTaintTest.qll index 8440223c253..54575d22fd7 100644 --- a/python/ql/test/experimental/meta/InlineTaintTest.qll +++ b/python/ql/test/experimental/meta/InlineTaintTest.qll @@ -30,6 +30,8 @@ DataFlow::Node shouldNotBeTainted() { ) } +// this module allows the configuration to be imported in other `.ql` files without the +// top level query predicates of this file coming into scope. module Conf { class TestTaintTrackingConfiguration extends TaintTracking::Configuration { TestTaintTrackingConfiguration() { this = "TestTaintTrackingConfiguration" } From ac5a46f24f269bb808acaa9de21979f5044742fa Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Tue, 9 Nov 2021 13:04:52 +0100 Subject: [PATCH 63/70] Python: split test as suggested in review --- .../defaultAdditionalTaintStep/test_for.py | 30 +++++++++++++++++++ .../{test_syntax.py => test_with.py} | 14 --------- 2 files changed, 30 insertions(+), 14 deletions(-) create mode 100644 python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_for.py rename python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/{test_syntax.py => test_with.py} (83%) diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_for.py b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_for.py new file mode 100644 index 00000000000..1fdef72575a --- /dev/null +++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_for.py @@ -0,0 +1,30 @@ +# Add taintlib to PATH so it can be imported during runtime without any hassle +import sys; import os; sys.path.append(os.path.dirname(os.path.dirname((__file__)))) +from taintlib import * + +# This has no runtime impact, but allows autocomplete to work +from typing import TYPE_CHECKING +if TYPE_CHECKING: + from ..taintlib import * + + +# Actual tests + +class Iter: + def __iter__(self): + return self + + def __next__(self): + raise StopIteration + +def test_for(): + iter = Iter() + taint(iter) + for tainted in iter: + ensure_tainted(tainted) # $ tainted + + + +# Make tests runable + +test_for() diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_syntax.py b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_with.py similarity index 83% rename from python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_syntax.py rename to python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_with.py index a605fa8f343..7fae023111d 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_syntax.py +++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_with.py @@ -51,19 +51,6 @@ def test_with_arg(): with ctx as tainted: ensure_tainted(tainted) # $ tainted -class Iter: - def __iter__(self): - return self - - def __next__(self): - raise StopIteration - -def test_for(): - iter = Iter() - taint(iter) - for tainted in iter: - ensure_tainted(tainted) # $ tainted - # Make tests runable @@ -71,4 +58,3 @@ def test_for(): test_with() test_with_taint() test_with_arg() -test_for() From bfe2e2e0b92401349a26db1b82d800a2a46f9729 Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Tue, 9 Nov 2021 10:20:15 +0100 Subject: [PATCH 64/70] Model taint for FilterOutputStream --- java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll | 6 +++++- .../code/java/dataflow/internal/TaintTrackingUtil.qll | 7 ------- java/ql/test/library-tests/dataflow/taint/A.java | 9 +++++++++ java/ql/test/library-tests/dataflow/taint/test.expected | 1 + 4 files changed, 15 insertions(+), 8 deletions(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 1da06f2daff..825949776f2 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -373,7 +373,11 @@ private predicate summaryModelCsv(string row) { "java.io;StringReader;false;StringReader;;;Argument[0];Argument[-1];taint", "java.io;CharArrayReader;false;CharArrayReader;;;Argument[0];Argument[-1];taint", "java.io;BufferedReader;false;BufferedReader;;;Argument[0];Argument[-1];taint", - "java.io;InputStreamReader;false;InputStreamReader;;;Argument[0];Argument[-1];taint" + "java.io;InputStreamReader;false;InputStreamReader;;;Argument[0];Argument[-1];taint", + "java.io;OutputStream;true;write;(byte[]);;Argument[0];Argument[-1];taint", + "java.io;OutputStream;true;write;(byte[],int,int);;Argument[0];Argument[-1];taint", + "java.io;OutputStream;true;write;(int);;Argument[0];Argument[-1];taint", + "java.io;FilterOutputStream;true;FilterOutputStream;(OutputStream);;Argument[0];Argument[-1];taint" ] } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll index 4e742238209..bab6025b4a6 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll @@ -376,13 +376,6 @@ private predicate argToQualifierStep(Expr tracked, Expr sink) { * `arg` is the index of the argument. */ private predicate taintPreservingArgumentToQualifier(Method method, int arg) { - exists(Method write | - method.overrides*(write) and - write.hasName("write") and - arg = 0 and - write.getDeclaringType().hasQualifiedName("java.io", "OutputStream") - ) - or method.(TaintPreservingCallable).transfersTaint(arg, -1) } diff --git a/java/ql/test/library-tests/dataflow/taint/A.java b/java/ql/test/library-tests/dataflow/taint/A.java index 55fd9796586..9f6b9ff6241 100644 --- a/java/ql/test/library-tests/dataflow/taint/A.java +++ b/java/ql/test/library-tests/dataflow/taint/A.java @@ -72,4 +72,13 @@ public class A { arrayWrite(taint(), b); sink(b); } + + void testFilterOutputStream() throws IOException { + ByteArrayOutputStream bOutput = new ByteArrayOutputStream(); + bOutput.write(taint()); + FilterOutputStream filterOutput = new FilterOutputStream(bOutput) { + }; + sink(filterOutput); + } + } diff --git a/java/ql/test/library-tests/dataflow/taint/test.expected b/java/ql/test/library-tests/dataflow/taint/test.expected index 8cdec8678ae..40a8b189d5e 100644 --- a/java/ql/test/library-tests/dataflow/taint/test.expected +++ b/java/ql/test/library-tests/dataflow/taint/test.expected @@ -3,6 +3,7 @@ | A.java:33:23:33:29 | taint(...) | A.java:34:10:34:27 | toByteArray(...) | | A.java:46:27:46:33 | taint(...) | A.java:47:10:47:30 | toByteArray(...) | | A.java:55:58:55:64 | taint(...) | A.java:61:10:61:16 | dh.data | +| A.java:78:19:78:25 | taint(...) | A.java:81:10:81:21 | filterOutput | | B.java:15:21:15:27 | taint(...) | B.java:18:10:18:16 | aaaargs | | B.java:15:21:15:27 | taint(...) | B.java:21:10:21:10 | s | | B.java:15:21:15:27 | taint(...) | B.java:24:10:24:15 | concat | From f5426336c340750d8d26f7f0037a8391e46fae50 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 10 Nov 2021 00:09:06 +0000 Subject: [PATCH 65/70] Add changed framework coverage reports --- java/documentation/library-coverage/coverage.csv | 2 +- java/documentation/library-coverage/coverage.rst | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/java/documentation/library-coverage/coverage.csv b/java/documentation/library-coverage/coverage.csv index 2f873280e74..2f38f42d404 100644 --- a/java/documentation/library-coverage/coverage.csv +++ b/java/documentation/library-coverage/coverage.csv @@ -26,7 +26,7 @@ jakarta.ws.rs.client,1,,,,,,,,,,,,,,1,,,,,,,,,,, jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,9,, jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,2,,,,,,94,55 java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,1, -java.io,3,,27,,3,,,,,,,,,,,,,,,,,,,,26,1 +java.io,3,,31,,3,,,,,,,,,,,,,,,,,,,,30,1 java.lang,,,51,,,,,,,,,,,,,,,,,,,,,,41,10 java.net,10,3,7,,,,,,,,,,,,10,,,,,,,,,3,7, java.nio,10,,4,,10,,,,,,,,,,,,,,,,,,,,4, diff --git a/java/documentation/library-coverage/coverage.rst b/java/documentation/library-coverage/coverage.rst index 8750f6d69ae..ca1ad3e11c8 100644 --- a/java/documentation/library-coverage/coverage.rst +++ b/java/documentation/library-coverage/coverage.rst @@ -15,9 +15,9 @@ Java framework & library support `Apache HttpComponents `_,"``org.apache.hc.core5.*``, ``org.apache.http``",5,136,28,,,3,,,,25 `Google Guava `_,``com.google.common.*``,,728,6,,6,,,,, `JSON-java `_,``org.json``,,236,,,,,,,, - Java Standard Library,``java.*``,3,519,30,13,,,7,,,10 + Java Standard Library,``java.*``,3,523,30,13,,,7,,,10 Java extensions,"``javax.*``, ``jakarta.*``",54,552,32,,,4,,1,1,2 `Spring `_,``org.springframework.*``,29,469,91,,,,19,14,,29 Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.opensymphony.xwork2.ognl``, ``com.unboundid.ldap.sdk``, ``flexjson``, ``groovy.lang``, ``groovy.util``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``org.apache.commons.codec``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.ibatis.jdbc``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.hibernate``, ``org.jooq``, ``org.mvel2``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``",39,99,151,,,,14,18,, - Totals,,175,5364,431,13,6,10,107,33,1,66 + Totals,,175,5368,431,13,6,10,107,33,1,66 From 1a751608de099b1c6339c1f6a4a8d246a62f2601 Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Tue, 9 Nov 2021 16:37:48 +0100 Subject: [PATCH 66/70] Extract Commons IO into seperate file --- .../code/java/dataflow/ExternalFlow.qll | 23 +----------- .../semmle/code/java/frameworks/apache/IO.qll | 35 +++++++++++++++++++ 2 files changed, 36 insertions(+), 22 deletions(-) create mode 100644 java/ql/lib/semmle/code/java/frameworks/apache/IO.qll diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 825949776f2..70858ce2911 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -83,6 +83,7 @@ private module Frameworks { private import semmle.code.java.frameworks.android.XssSinks private import semmle.code.java.frameworks.ApacheHttp private import semmle.code.java.frameworks.apache.Collections + private import semmle.code.java.frameworks.apache.IO private import semmle.code.java.frameworks.apache.Lang private import semmle.code.java.frameworks.Flexjson private import semmle.code.java.frameworks.guava.Guava @@ -322,33 +323,11 @@ private predicate summaryModelCsv(string row) { "org.apache.commons.codec;BinaryDecoder;true;decode;(byte[]);;Argument[0];ReturnValue;taint", "org.apache.commons.codec;StringEncoder;true;encode;(String);;Argument[0];ReturnValue;taint", "org.apache.commons.codec;StringDecoder;true;decode;(String);;Argument[0];ReturnValue;taint", - "org.apache.commons.io;IOUtils;false;buffer;;;Argument[0];ReturnValue;taint", - "org.apache.commons.io;IOUtils;false;readLines;;;Argument[0];ReturnValue;taint", - "org.apache.commons.io;IOUtils;false;readFully;(InputStream,int);;Argument[0];ReturnValue;taint", - "org.apache.commons.io;IOUtils;false;toBufferedInputStream;;;Argument[0];ReturnValue;taint", - "org.apache.commons.io;IOUtils;false;toBufferedReader;;;Argument[0];ReturnValue;taint", - "org.apache.commons.io;IOUtils;false;toByteArray;;;Argument[0];ReturnValue;taint", - "org.apache.commons.io;IOUtils;false;toCharArray;;;Argument[0];ReturnValue;taint", - "org.apache.commons.io;IOUtils;false;toInputStream;;;Argument[0];ReturnValue;taint", - "org.apache.commons.io;IOUtils;false;toString;;;Argument[0];ReturnValue;taint", "java.net;URLDecoder;false;decode;;;Argument[0];ReturnValue;taint", "java.net;URI;false;create;;;Argument[0];ReturnValue;taint", "javax.xml.transform.sax;SAXSource;false;sourceToInputSource;;;Argument[0];ReturnValue;taint", // arg to arg "java.lang;System;false;arraycopy;;;Argument[0];Argument[2];taint", - "org.apache.commons.io;IOUtils;false;copy;;;Argument[0];Argument[1];taint", - "org.apache.commons.io;IOUtils;false;copyLarge;;;Argument[0];Argument[1];taint", - "org.apache.commons.io;IOUtils;false;read;;;Argument[0];Argument[1];taint", - "org.apache.commons.io;IOUtils;false;readFully;(InputStream,byte[]);;Argument[0];Argument[1];taint", - "org.apache.commons.io;IOUtils;false;readFully;(InputStream,byte[],int,int);;Argument[0];Argument[1];taint", - "org.apache.commons.io;IOUtils;false;readFully;(InputStream,ByteBuffer);;Argument[0];Argument[1];taint", - "org.apache.commons.io;IOUtils;false;readFully;(ReadableByteChannel,ByteBuffer);;Argument[0];Argument[1];taint", - "org.apache.commons.io;IOUtils;false;readFully;(Reader,char[]);;Argument[0];Argument[1];taint", - "org.apache.commons.io;IOUtils;false;readFully;(Reader,char[],int,int);;Argument[0];Argument[1];taint", - "org.apache.commons.io;IOUtils;false;write;;;Argument[0];Argument[1];taint", - "org.apache.commons.io;IOUtils;false;writeChunked;;;Argument[0];Argument[1];taint", - "org.apache.commons.io;IOUtils;false;writeLines;;;Argument[0];Argument[2];taint", - "org.apache.commons.io;IOUtils;false;writeLines;;;Argument[1];Argument[2];taint", // constructor flow "java.io;File;false;File;;;Argument[0];Argument[-1];taint", "java.io;File;false;File;;;Argument[1];Argument[-1];taint", diff --git a/java/ql/lib/semmle/code/java/frameworks/apache/IO.qll b/java/ql/lib/semmle/code/java/frameworks/apache/IO.qll new file mode 100644 index 00000000000..7a39d3cf134 --- /dev/null +++ b/java/ql/lib/semmle/code/java/frameworks/apache/IO.qll @@ -0,0 +1,35 @@ +/** Definitions related to the Apache Commons IO library. */ + +import java +private import semmle.code.java.dataflow.FlowSteps +private import semmle.code.java.dataflow.ExternalFlow + +private class CommonsIOSummaryCsv extends SummaryModelCsv { + override predicate row(string row) { + row = + [ + "org.apache.commons.io;IOUtils;false;buffer;;;Argument[0];ReturnValue;taint", + "org.apache.commons.io;IOUtils;false;copy;;;Argument[0];Argument[1];taint", + "org.apache.commons.io;IOUtils;false;copyLarge;;;Argument[0];Argument[1];taint", + "org.apache.commons.io;IOUtils;false;read;;;Argument[0];Argument[1];taint", + "org.apache.commons.io;IOUtils;false;readFully;(InputStream,byte[],int,int);;Argument[0];Argument[1];taint", + "org.apache.commons.io;IOUtils;false;readFully;(InputStream,byte[]);;Argument[0];Argument[1];taint", + "org.apache.commons.io;IOUtils;false;readFully;(InputStream,ByteBuffer);;Argument[0];Argument[1];taint", + "org.apache.commons.io;IOUtils;false;readFully;(InputStream,int);;Argument[0];ReturnValue;taint", + "org.apache.commons.io;IOUtils;false;readFully;(ReadableByteChannel,ByteBuffer);;Argument[0];Argument[1];taint", + "org.apache.commons.io;IOUtils;false;readFully;(Reader,char[],int,int);;Argument[0];Argument[1];taint", + "org.apache.commons.io;IOUtils;false;readFully;(Reader,char[]);;Argument[0];Argument[1];taint", + "org.apache.commons.io;IOUtils;false;readLines;;;Argument[0];ReturnValue;taint", + "org.apache.commons.io;IOUtils;false;toBufferedInputStream;;;Argument[0];ReturnValue;taint", + "org.apache.commons.io;IOUtils;false;toBufferedReader;;;Argument[0];ReturnValue;taint", + "org.apache.commons.io;IOUtils;false;toByteArray;;;Argument[0];ReturnValue;taint", + "org.apache.commons.io;IOUtils;false;toCharArray;;;Argument[0];ReturnValue;taint", + "org.apache.commons.io;IOUtils;false;toInputStream;;;Argument[0];ReturnValue;taint", + "org.apache.commons.io;IOUtils;false;toString;;;Argument[0];ReturnValue;taint", + "org.apache.commons.io;IOUtils;false;write;;;Argument[0];Argument[1];taint", + "org.apache.commons.io;IOUtils;false;writeChunked;;;Argument[0];Argument[1];taint", + "org.apache.commons.io;IOUtils;false;writeLines;;;Argument[0];Argument[2];taint", + "org.apache.commons.io;IOUtils;false;writeLines;;;Argument[1];Argument[2];taint" + ] + } +} From f9fa22c14d15753a4517262bf5dced6b4e1ff51a Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Wed, 10 Nov 2021 10:21:54 +0100 Subject: [PATCH 67/70] Removed unused import --- java/ql/lib/semmle/code/java/frameworks/apache/IO.qll | 1 - 1 file changed, 1 deletion(-) diff --git a/java/ql/lib/semmle/code/java/frameworks/apache/IO.qll b/java/ql/lib/semmle/code/java/frameworks/apache/IO.qll index 7a39d3cf134..3c989fff37f 100644 --- a/java/ql/lib/semmle/code/java/frameworks/apache/IO.qll +++ b/java/ql/lib/semmle/code/java/frameworks/apache/IO.qll @@ -1,7 +1,6 @@ /** Definitions related to the Apache Commons IO library. */ import java -private import semmle.code.java.dataflow.FlowSteps private import semmle.code.java.dataflow.ExternalFlow private class CommonsIOSummaryCsv extends SummaryModelCsv { From a856395d565547b19cb6cc9cb47e666e09ff7a8f Mon Sep 17 00:00:00 2001 From: yoff Date: Wed, 10 Nov 2021 10:51:40 +0100 Subject: [PATCH 68/70] Apply suggestions from code review Co-authored-by: Rasmus Wriedt Larsen --- python/ql/test/library-tests/frameworks/aiopg/test.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/python/ql/test/library-tests/frameworks/aiopg/test.py b/python/ql/test/library-tests/frameworks/aiopg/test.py index d04d63e257e..f9b8476ea11 100644 --- a/python/ql/test/library-tests/frameworks/aiopg/test.py +++ b/python/ql/test/library-tests/frameworks/aiopg/test.py @@ -11,13 +11,20 @@ async def test_cursor(): async with aiopg.create_pool() as pool: # Create Cursor via Connection async with pool.acquire() as conn: - cur = await conn.cursor() - await cur.execute("sql") # $ getSql="sql" constructedSql="sql" + async with conn.cursor() as cur: + await cur.execute("sql") # $ getSql="sql" constructedSql="sql" # Create Cursor directly async with pool.cursor() as cur: await cur.execute("sql") # $ getSql="sql" constructedSql="sql" + # variants using as few `async with` as possible + pool = await aiopg.create_pool() + conn = pool.acquire() + cur = await conn.cursor() + await cur.execute("sql") # $ getSql="sql" constructedSql="sql" + +# Test SQLAlchemy integration from aiopg.sa import create_engine async def test_engine(): From c6d285dd2a80ae713e1399ce1efaf9b514878755 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Wed, 10 Nov 2021 11:06:45 +0100 Subject: [PATCH 69/70] Python: Fix test --- python/ql/test/library-tests/frameworks/aiopg/test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/ql/test/library-tests/frameworks/aiopg/test.py b/python/ql/test/library-tests/frameworks/aiopg/test.py index f9b8476ea11..63bf141f52d 100644 --- a/python/ql/test/library-tests/frameworks/aiopg/test.py +++ b/python/ql/test/library-tests/frameworks/aiopg/test.py @@ -20,7 +20,7 @@ async def test_cursor(): # variants using as few `async with` as possible pool = await aiopg.create_pool() - conn = pool.acquire() + conn = await pool.acquire() cur = await conn.cursor() await cur.execute("sql") # $ getSql="sql" constructedSql="sql" From 92a7114b727ea8d9d508f6fe5f6c61da613c55cf Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Wed, 10 Nov 2021 11:06:58 +0100 Subject: [PATCH 70/70] Python: Add API references --- .../ql/lib/semmle/python/frameworks/Aiopg.qll | 33 +++++++++++++++---- 1 file changed, 27 insertions(+), 6 deletions(-) diff --git a/python/ql/lib/semmle/python/frameworks/Aiopg.qll b/python/ql/lib/semmle/python/frameworks/Aiopg.qll index 6ae5b5a05e8..927ae90ed05 100644 --- a/python/ql/lib/semmle/python/frameworks/Aiopg.qll +++ b/python/ql/lib/semmle/python/frameworks/Aiopg.qll @@ -14,7 +14,10 @@ private import semmle.python.ApiGraphs private module Aiopg { private import semmle.python.internal.Awaited - /** A `ConectionPool` is created when the result of `aiopg.create_pool()` is awaited. */ + /** + * A `ConectionPool` is created when the result of `aiopg.create_pool()` is awaited. + * See https://aiopg.readthedocs.io/en/stable/core.html#pool + */ API::Node connectionPool() { result = API::moduleImport("aiopg").getMember("create_pool").getReturn().getAwaited() } @@ -23,6 +26,7 @@ private module Aiopg { * A `Connection` is created when * - the result of `aiopg.connect()` is awaited. * - the result of calling `aquire` on a `ConnectionPool` is awaited. + * See https://aiopg.readthedocs.io/en/stable/core.html#connection */ API::Node connection() { result = API::moduleImport("aiopg").getMember("connect").getReturn().getAwaited() @@ -34,6 +38,7 @@ private module Aiopg { * A `Cursor` is created when * - the result of calling `cursor` on a `ConnectionPool` is awaited. * - the result of calling `cursor` on a `Connection` is awaited. + * See https://aiopg.readthedocs.io/en/stable/core.html#cursor */ API::Node cursor() { result = connectionPool().getMember("cursor").getReturn().getAwaited() @@ -41,7 +46,10 @@ private module Aiopg { result = connection().getMember("cursor").getReturn().getAwaited() } - /** Calling `execute` on a `Cursor` constructs a query. */ + /** + * Calling `execute` on a `Cursor` constructs a query. + * See https://aiopg.readthedocs.io/en/stable/core.html#aiopg.Cursor.execute + */ class CursorExecuteCall extends SqlConstruction::Range, DataFlow::CallCfgNode { CursorExecuteCall() { this = cursor().getMember("execute").getACall() } @@ -64,7 +72,10 @@ private module Aiopg { cursorExecuteCall(DataFlow::TypeTracker::end(), sql).flowsTo(result) } - /** Awaiting the result of calling `execute` executes the query. */ + /** + * Awaiting the result of calling `execute` executes the query. + * See https://aiopg.readthedocs.io/en/stable/core.html#aiopg.Cursor.execute + */ class AwaitedCursorExecuteCall extends SqlExecution::Range { DataFlow::Node sql; @@ -73,7 +84,10 @@ private module Aiopg { override DataFlow::Node getSql() { result = sql } } - /** An `Engine` is created when the result of calling `aiopg.sa.create_engine` is awaited. */ + /** + * An `Engine` is created when the result of calling `aiopg.sa.create_engine` is awaited. + * See https://aiopg.readthedocs.io/en/stable/sa.html#engine + */ API::Node engine() { result = API::moduleImport("aiopg").getMember("sa").getMember("create_engine").getReturn().getAwaited() @@ -81,10 +95,14 @@ private module Aiopg { /** * A `SAConnection` is created when the result of calling `aquire` on an `Engine` is awaited. + * See https://aiopg.readthedocs.io/en/stable/sa.html#connection */ API::Node saConnection() { result = engine().getMember("acquire").getReturn().getAwaited() } - /** Calling `execute` on a `SAConnection` constructs a query. */ + /** + * Calling `execute` on a `SAConnection` constructs a query. + * See https://aiopg.readthedocs.io/en/stable/sa.html#aiopg.sa.SAConnection.execute + */ class SAConnectionExecuteCall extends SqlConstruction::Range, DataFlow::CallCfgNode { SAConnectionExecuteCall() { this = saConnection().getMember("execute").getACall() } @@ -109,7 +127,10 @@ private module Aiopg { saConnectionExecuteCall(DataFlow::TypeTracker::end(), sql).flowsTo(result) } - /** Awaiting the result of calling `execute` executes the query. */ + /** + * Awaiting the result of calling `execute` executes the query. + * See https://aiopg.readthedocs.io/en/stable/sa.html#aiopg.sa.SAConnection.execute + */ class AwaitedSAConnectionExecuteCall extends SqlExecution::Range { DataFlow::Node sql;