Merge branch 'master' of github.com:Semmle/ql into attribute

2019-08-23 21:47:31 +01:00 · 2019-08-23 21:47:31 +01:00 · da29d99560
--- a/change-notes/1.22/analysis-cpp.md
+++ b/change-notes/1.22/analysis-cpp.md
@ -30,3 +30,10 @@
 - The `semmle.code.cpp.models` library now models data flow through `std::swap`.
 - There is a new `Variable.isThreadLocal()` predicate. It can be used to tell whether a variable is `thread_local`.
 - Recursion through the `DataFlow` library is now always a compile error. Such recursion has been deprecated since release 1.16. If one `DataFlow::Configuration` needs to depend on the results of another, switch one of them to use one of the `DataFlow2` through `DataFlow4` libraries.
+- The possibility of specifying barrier edges using
+  `isBarrierEdge`/`isSanitizerEdge` in data-flow and taint-tracking
+  configurations has been replaced with the option of specifying in- and
+  out-barriers on nodes by overriding `isBarrierIn`/`isSanitizerIn` and
+  `isBarrierOut`/`isSanitizerOut`. This should be simpler to use effectively,
+  as it does not require knowledge about the actual edges used internally by
+  the library.
--- a/change-notes/1.22/analysis-csharp.md
+++ b/change-notes/1.22/analysis-csharp.md
@ -42,5 +42,12 @@
  - The new predicate `TypeParameterConstraints.getAnAnnotatedTypeConstraint()` gets a type constraint with type annotations
 * The new class `SuppressNullableWarningExpr` models suppress-nullable-warning expressions such as `x!`
 * The data-flow library (and taint-tracking library) now supports flow through fields. All existing configurations will have field-flow enabled by default, but it can be disabled by adding `override int fieldFlowBranchLimit() { result = 0 }` to the configuration class. Field assignments, `this.Foo = x`, object initializers, `new C() { Foo = x }`, and field initializers `int Foo = 0` are supported.
+* The possibility of specifying barrier edges using
+  `isBarrierEdge`/`isSanitizerEdge` in data-flow and taint-tracking
+  configurations has been replaced with the option of specifying in- and
+  out-barriers on nodes by overriding `isBarrierIn`/`isSanitizerIn` and
+  `isBarrierOut`/`isSanitizerOut`. This should be simpler to use effectively,
+  as it does not require knowledge about the actual edges used internally by
+  the library.

 ## Changes to autobuilder
--- a/change-notes/1.22/analysis-java.md
+++ b/change-notes/1.22/analysis-java.md
@ -16,4 +16,18 @@
  removes false positives that arose from paths through impossible `toString()`
  calls.
 * The library `VCS.qll` and all queries that imported it have been removed.
-* The second copy of the interprocedural `TaintTracking` library has been renamed from `TaintTracking::Configuration2` to `TaintTracking2::Configuration`, and the old name is now deprecated. Import `semmle.code.java.dataflow.TaintTracking2` to access the new name.
+* The second copy of the interprocedural `TaintTracking` library has been
+  renamed from `TaintTracking::Configuration2` to
+  `TaintTracking2::Configuration`, and the old name is now deprecated. Import
+  `semmle.code.java.dataflow.TaintTracking2` to access the new name.
+* The data-flow library now makes it easier to specify barriers/sanitizers
+  arising from guards by overriding the predicate
+  `isBarrierGuard`/`isSanitizerGuard` on data-flow and taint-tracking
+  configurations respectively.
+* The possibility of specifying barrier edges using
+  `isBarrierEdge`/`isSanitizerEdge` in data-flow and taint-tracking
+  configurations has been replaced with the option of specifying in- and
+  out-barriers on nodes by overriding `isBarrierIn`/`isSanitizerIn` and
+  `isBarrierOut`/`isSanitizerOut`. This should be simpler to use effectively,
+  as it does not require knowledge about the actual edges used internally by
+  the library.
--- a/change-notes/1.22/analysis-javascript.md
+++ b/change-notes/1.22/analysis-javascript.md
@ -31,6 +31,7 @@
 | Shift out of range | Fewer false positive results | This rule now correctly handles BigInt shift operands. |
 | Conflicting HTML element attributes | Fewer results | Results are no longer shown on LGTM by default. |
 | Superfluous trailing arguments | Fewer false-positive results. | This rule no longer flags calls to placeholder functions that trivially throw an exception. |
+| Undocumented parameter | No changes to results | This rule is now run on LGTM, although its results are still not shown by default. |

 ## Changes to QL libraries

--- a/cpp/ql/src/semmle/code/cpp/exprs/Lambda.qll
+++ b/cpp/ql/src/semmle/code/cpp/exprs/Lambda.qll
@ -98,12 +98,12 @@ class Closure extends Class {
 /**
 * Information about a value captured as part of a lambda expression.
 */
-class LambdaCapture extends @lambdacapture {
-  string toString() {
+class LambdaCapture extends Locatable, @lambdacapture {
+  override string toString() {
    result = getField().toString()
  }

-  string getCanonicalQLClass() { result = "LambdaCapture" }
+  override string getCanonicalQLClass() { result = "LambdaCapture" }

  /**
   * Holds if this capture was made implicitly.
@ -133,7 +133,7 @@ class LambdaCapture extends @lambdacapture {
   * For implicit captures, this is the first location within the "{...}" part of the lambda
   * expression which accesses the captured variable.
   */
-  Location getLocation() {
+  override Location getLocation() {
    lambda_capture(this, _, _, _, _, _, result)
  }

--- a/cpp/ql/src/semmlecode.cpp.dbscheme
+++ b/cpp/ql/src/semmlecode.cpp.dbscheme
@ -1026,7 +1026,8 @@ frienddecls(
         | @namequalifier
         | @specialnamequalifyingelement
         | @static_assert
-         | @type_mention;
+         | @type_mention
+         | @lambdacapture;

@exprparent = @element;

--- a/cpp/ql/src/semmlecode.cpp.dbscheme.stats
+++ b/cpp/ql/src/semmlecode.cpp.dbscheme.stats
@ -129,7 +129,7 @@
 </e>
 <e>
 <k>@specifier</k>
-<v>534</v>
+<v>547</v>
 </e>
 <e>
 <k>@gnuattribute</k>
@ -200,22 +200,6 @@
 <v>1685056</v>
 </e>
 <e>
-<k>@preincrexpr</k>
-<v>63965</v>
-</e>
-<e>
-<k>@predecrexpr</k>
-<v>26590</v>
-</e>
-<e>
-<k>@assignexpr</k>
-<v>551713</v>
-</e>
-<e>
-<k>@varaccess</k>
-<v>5376523</v>
-</e>
-<e>
 <k>@literal</k>
 <v>4374193</v>
 </e>
@ -292,6 +276,14 @@
 <v>5401</v>
 </e>
 <e>
+<k>@preincrexpr</k>
+<v>63965</v>
+</e>
+<e>
+<k>@predecrexpr</k>
+<v>26590</v>
+</e>
+<e>
 <k>@conditionalexpr</k>
 <v>154429</v>
 </e>
@ -404,6 +396,10 @@
 <v>1</v>
 </e>
 <e>
+<k>@assignexpr</k>
+<v>551713</v>
+</e>
+<e>
 <k>@assignaddexpr</k>
 <v>68305</v>
 </e>
@ -492,6 +488,10 @@
 <v>30</v>
 </e>
 <e>
+<k>@varaccess</k>
+<v>5376523</v>
+</e>
+<e>
 <k>@thisaccess</k>
 <v>1181367</v>
 </e>
@ -844,14 +844,6 @@
 <v>1284491</v>
 </e>
 <e>
-<k>@stmt_return</k>
-<v>1197363</v>
-</e>
-<e>
-<k>@stmt_block</k>
-<v>1398476</v>
-</e>
-<e>
 <k>@stmt_if</k>
 <v>524558</v>
 </e>
@ -868,6 +860,14 @@
 <v>85508</v>
 </e>
 <e>
+<k>@stmt_return</k>
+<v>1197363</v>
+</e>
+<e>
+<k>@stmt_block</k>
+<v>1398476</v>
+</e>
+<e>
 <k>@stmt_end_test_while</k>
 <v>149900</v>
 </e>
@ -933,7 +933,15 @@
 </e>
 <e>
 <k>@stmt_constexpr_if</k>
-<v>2</v>
+<v>3</v>
+</e>
+<e>
+<k>@ppd_plain_include</k>
+<v>321760</v>
+</e>
+<e>
+<k>@ppd_define</k>
+<v>350005</v>
 </e>
 <e>
 <k>@ppd_if</k>
@ -960,14 +968,6 @@
 <v>329749</v>
 </e>
 <e>
-<k>@ppd_plain_include</k>
-<v>321760</v>
-</e>
-<e>
-<k>@ppd_define</k>
-<v>350005</v>
-</e>
-<e>
 <k>@ppd_undef</k>
 <v>21155</v>
 </e>
@ -1492,7 +1492,7 @@
 </e>
 <e>
 <k>seconds</k>
-<v>12304</v>
+<v>12352</v>
 </e>
 </columnsizes>
 <dependencies>
@ -1536,19 +1536,14 @@
 <budget>12</budget>
 <bs>
 <b>
-<a>2</a>
-<b>3</b>
-<v>36</v>
-</b>
-<b>
 <a>3</a>
 <b>4</b>
-<v>3197</v>
+<v>3173</v>
 </b>
 <b>
 <a>4</a>
 <b>5</b>
-<v>7331</v>
+<v>7392</v>
 </b>
 </bs>
 </hist>
@ -1594,8 +1589,8 @@
 <budget>12</budget>
 <bs>
 <b>
-<a>1012</a>
-<b>1013</b>
+<a>1016</a>
+<b>1017</b>
 <v>12</v>
 </b>
 </bs>
@ -1652,13 +1647,13 @@
 <v>12</v>
 </b>
 <b>
-<a>558</a>
-<b>559</b>
+<a>549</a>
+<b>550</b>
 <v>12</v>
 </b>
 <b>
-<a>582</a>
-<b>583</b>
+<a>590</a>
+<b>591</b>
 <v>12</v>
 </b>
 </bs>
@ -1675,27 +1670,27 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>7817</v>
+<v>8061</v>
 </b>
 <b>
 <a>2</a>
 <b>3</b>
-<v>2504</v>
+<v>2310</v>
 </b>
 <b>
 <a>3</a>
 <b>4</b>
-<v>984</v>
+<v>838</v>
 </b>
 <b>
 <a>4</a>
-<b>17</b>
-<v>924</v>
+<b>9</b>
+<v>948</v>
 </b>
 <b>
-<a>17</a>
-<b>602</b>
-<v>72</v>
+<a>9</a>
+<b>611</b>
+<v>194</v>
 </b>
 </bs>
 </hist>
@ -1711,7 +1706,7 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>12304</v>
+<v>12352</v>
 </b>
 </bs>
 </hist>
@ -1727,17 +1722,12 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>10590</v>
+<v>10675</v>
 </b>
 <b>
 <a>2</a>
 <b>3</b>
-<v>1690</v>
-</b>
-<b>
-<a>3</a>
-<b>4</b>
-<v>24</v>
+<v>1677</v>
 </b>
 </bs>
 </hist>
@ -2116,7 +2106,7 @@
 </e>
 <e>
 <k>cpu_seconds</k>
-<v>8340</v>
+<v>8535</v>
 </e>
 <e>
 <k>elapsed_seconds</k>
@ -2166,17 +2156,17 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>6954</v>
+<v>7319</v>
 </b>
 <b>
 <a>2</a>
 <b>3</b>
-<v>948</v>
+<v>765</v>
 </b>
 <b>
 <a>3</a>
-<b>7</b>
-<v>437</v>
+<b>9</b>
+<v>449</v>
 </b>
 </bs>
 </hist>
@ -2192,12 +2182,12 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>7793</v>
+<v>7975</v>
 </b>
 <b>
 <a>2</a>
 <b>3</b>
-<v>547</v>
+<v>559</v>
 </b>
 </bs>
 </hist>
@ -2213,17 +2203,27 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>12</v>
+<v>24</v>
 </b>
 <b>
 <a>2</a>
 <b>3</b>
-<v>36</v>
+<v>12</v>
 </b>
 <b>
 <a>3</a>
 <b>4</b>
-<v>24</v>
+<v>12</v>
+</b>
+<b>
+<a>4</a>
+<b>5</b>
+<v>12</v>
+</b>
+<b>
+<a>5</a>
+<b>6</b>
+<v>12</v>
 </b>
 <b>
 <a>10</a>
@ -2231,38 +2231,38 @@
 <v>12</v>
 </b>
 <b>
-<a>23</a>
-<b>24</b>
+<a>20</a>
+<b>21</b>
 <v>12</v>
 </b>
 <b>
-<a>25</a>
-<b>26</b>
+<a>22</a>
+<b>23</b>
 <v>12</v>
 </b>
 <b>
-<a>44</a>
-<b>45</b>
+<a>50</a>
+<b>51</b>
 <v>12</v>
 </b>
 <b>
-<a>131</a>
-<b>132</b>
+<a>136</a>
+<b>137</b>
 <v>12</v>
 </b>
 <b>
-<a>134</a>
-<b>135</b>
+<a>143</a>
+<b>144</b>
 <v>12</v>
 </b>
 <b>
-<a>239</a>
-<b>240</b>
+<a>231</a>
+<b>232</b>
 <v>12</v>
 </b>
 <b>
-<a>252</a>
-<b>253</b>
+<a>243</a>
+<b>244</b>
 <v>12</v>
 </b>
 </bs>
@ -2279,17 +2279,27 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>12</v>
+<v>24</v>
 </b>
 <b>
 <a>2</a>
 <b>3</b>
-<v>36</v>
+<v>12</v>
 </b>
 <b>
 <a>3</a>
 <b>4</b>
-<v>24</v>
+<v>12</v>
+</b>
+<b>
+<a>4</a>
+<b>5</b>
+<v>12</v>
+</b>
+<b>
+<a>5</a>
+<b>6</b>
+<v>12</v>
 </b>
 <b>
 <a>10</a>
@ -2297,13 +2307,18 @@
 <v>12</v>
 </b>
 <b>
-<a>23</a>
-<b>24</b>
-<v>24</v>
+<a>20</a>
+<b>21</b>
+<v>12</v>
 </b>
 <b>
-<a>44</a>
-<b>45</b>
+<a>22</a>
+<b>23</b>
+<v>12</v>
+</b>
+<b>
+<a>49</a>
+<b>50</b>
 <v>12</v>
 </b>
 <b>
@ -2312,18 +2327,18 @@
 <v>12</v>
 </b>
 <b>
-<a>119</a>
-<b>120</b>
+<a>131</a>
+<b>132</b>
 <v>12</v>
 </b>
 <b>
-<a>167</a>
-<b>168</b>
+<a>169</a>
+<b>170</b>
 <v>12</v>
 </b>
 <b>
-<a>226</a>
-<b>227</b>
+<a>225</a>
+<b>226</b>
 <v>12</v>
 </b>
 </bs>
@ -25509,15 +25524,15 @@
 </relation>
 <relation>
 <name>specifiers</name>
-<cardinality>534</cardinality>
+<cardinality>547</cardinality>
 <columnsizes>
 <e>
 <k>id</k>
-<v>534</v>
+<v>547</v>
 </e>
 <e>
 <k>str</k>
-<v>534</v>
+<v>547</v>
 </e>
 </columnsizes>
 <dependencies>
@ -25531,7 +25546,7 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>534</v>
+<v>547</v>
 </b>
 </bs>
 </hist>
@ -25547,7 +25562,7 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>534</v>
+<v>547</v>
 </b>
 </bs>
 </hist>
@ -25783,15 +25798,15 @@
 </relation>
 <relation>
 <name>varspecifiers</name>
-<cardinality>1123155</cardinality>
+<cardinality>1123267</cardinality>
 <columnsizes>
 <e>
 <k>var_id</k>
-<v>934190</v>
+<v>934196</v>
 </e>
 <e>
 <k>spec_id</k>
-<v>59</v>
+<v>65</v>
 </e>
 </columnsizes>
 <dependencies>
@ -25805,12 +25820,12 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>794367</v>
+<v>794360</v>
 </b>
 <b>
 <a>2</a>
 <b>3</b>
-<v>92268</v>
+<v>92281</v>
 </b>
 <b>
 <a>3</a>
@ -25829,6 +25844,11 @@
 <budget>12</budget>
 <bs>
 <b>
+<a>17</a>
+<b>18</b>
+<v>6</v>
+</b>
+<b>
 <a>160</a>
 <b>161</b>
 <v>6</v>
@ -31177,7 +31197,7 @@
 </e>
 <e>
 <k>text</k>
-<v>783272</v>
+<v>694155</v>
 </e>
 </columnsizes>
 <dependencies>
@ -31249,12 +31269,12 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>636633</v>
+<v>639589</v>
 </b>
 <b>
 <a>2</a>
-<b>46988</b>
-<v>14757</v>
+<b>1792</b>
+<v>11801</v>
 </b>
 </bs>
 </hist>
@ -31270,27 +31290,22 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>550455</v>
+<v>556144</v>
 </b>
 <b>
 <a>2</a>
 <b>3</b>
-<v>107883</v>
+<v>79204</v>
 </b>
 <b>
 <a>3</a>
-<b>4</b>
-<v>47197</v>
+<b>15</b>
+<v>52136</v>
 </b>
 <b>
-<a>4</a>
-<b>12</b>
-<v>58906</v>
-</b>
-<b>
-<a>12</a>
-<b>1777031</b>
-<v>18831</v>
+<a>15</a>
+<b>3666580</b>
+<v>6671</v>
 </b>
 </bs>
 </hist>
@ -31306,12 +31321,12 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>762676</v>
+<v>692986</v>
 </b>
 <b>
 <a>2</a>
-<b>5856</b>
-<v>20596</v>
+<b>26</b>
+<v>1169</v>
 </b>
 </bs>
 </hist>
@ -35558,15 +35573,15 @@
 </relation>
 <relation>
 <name>constexpr_if_then</name>
-<cardinality>2</cardinality>
+<cardinality>3</cardinality>
 <columnsizes>
 <e>
 <k>constexpr_if_stmt</k>
-<v>2</v>
+<v>3</v>
 </e>
 <e>
 <k>then_id</k>
-<v>2</v>
+<v>3</v>
 </e>
 </columnsizes>
 <dependencies>
@ -35580,7 +35595,7 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>2</v>
+<v>3</v>
 </b>
 </bs>
 </hist>
@ -35596,7 +35611,7 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>2</v>
+<v>3</v>
 </b>
 </bs>
 </hist>
--- a/cpp/ql/test/library-tests/lambdas/captures/captures.cpp
+++ b/cpp/ql/test/library-tests/lambdas/captures/captures.cpp
@ -17,3 +17,11 @@ struct foo {
    };
  }
 };
+
+int d(int x, int y) {
+  auto myLambda = [&, x](int z) -> int {
+    return x + y + z;
+  };
+
+  return myLambda(1000);
+}
--- a/cpp/ql/test/library-tests/lambdas/captures/captures.expected
+++ b/cpp/ql/test/library-tests/lambdas/captures/captures.expected
@ -1,6 +1,8 @@
-| captures.cpp:3:6:3:6 | x | explicit | 0 |
-| captures.cpp:3:9:3:12 | (captured this) | explicit | 1 |
-| captures.cpp:10:7:10:7 | (captured this) | implicit | 0 |
-| captures.cpp:10:9:10:9 | x | implicit | 1 |
-| captures.cpp:15:6:15:6 | x | explicit | 0 |
-| end_pos.cpp:9:17:9:18 | ii | explicit | 0 |
+| captures.cpp:3:6:3:6 | x | explicit | 0 | x | x |
+| captures.cpp:3:9:3:12 | (captured this) | explicit | 1 | (captured this) | this |
+| captures.cpp:10:7:10:7 | (captured this) | implicit | 0 | (captured this) | this |
+| captures.cpp:10:9:10:9 | x | implicit | 1 | x | x |
+| captures.cpp:15:6:15:6 | x | explicit | 0 | x | x |
+| captures.cpp:22:23:22:23 | x | explicit | 0 | x | x |
+| captures.cpp:23:16:23:16 | y | implicit | 1 | y | y |
+| end_pos.cpp:9:17:9:18 | ii | explicit | 0 | ii | ii |
--- a/cpp/ql/test/library-tests/lambdas/captures/captures.ql
+++ b/cpp/ql/test/library-tests/lambdas/captures/captures.ql
@ -4,4 +4,4 @@ from LambdaCapture lc, string mode, int index
 where
  exists(LambdaExpression le | le.getCapture(index) = lc) and
  if lc.isImplicit() then mode = "implicit" else mode = "explicit"
-select lc, mode, index
+select lc, mode, index, concat(lc.getField().toString(), ", "), concat(lc.getInitializer().toString(), ", ")
--- a/cpp/ql/test/library-tests/lambdas/captures/elements.expected
+++ b/cpp/ql/test/library-tests/lambdas/captures/elements.expected
@ -24,8 +24,10 @@
 | captures.cpp:3:6:3:6 | definition of x |
 | captures.cpp:3:6:3:6 | x |
 | captures.cpp:3:6:3:6 | x |
+| captures.cpp:3:6:3:6 | x |
 | captures.cpp:3:9:3:9 | (captured this) |
 | captures.cpp:3:9:3:9 | definition of (captured this) |
+| captures.cpp:3:9:3:12 | (captured this) |
 | captures.cpp:3:9:3:12 | this |
 | captures.cpp:3:15:3:15 | definition of operator() |
 | captures.cpp:3:15:3:15 | operator() |
@ -56,11 +58,13 @@
 | captures.cpp:9:9:9:9 | operator() |
 | captures.cpp:9:9:11:5 | { ... } |
 | captures.cpp:10:7:10:7 | (captured this) |
+| captures.cpp:10:7:10:7 | (captured this) |
 | captures.cpp:10:7:10:7 | call to b |
 | captures.cpp:10:7:10:7 | definition of (captured this) |
 | captures.cpp:10:7:10:15 | ExprStmt |
 | captures.cpp:10:9:10:9 | definition of x |
 | captures.cpp:10:9:10:9 | x |
+| captures.cpp:10:9:10:9 | x |
 | captures.cpp:10:9:10:13 | ... + ... |
 | captures.cpp:10:13:10:13 | 1 |
 | captures.cpp:11:5:11:5 | return ... |
@ -84,6 +88,7 @@
 | captures.cpp:15:6:15:6 | definition of x |
 | captures.cpp:15:6:15:6 | x |
 | captures.cpp:15:6:15:6 | x |
+| captures.cpp:15:6:15:6 | x |
 | captures.cpp:15:9:15:9 | definition of operator() |
 | captures.cpp:15:9:15:9 | operator() |
 | captures.cpp:15:9:17:5 | { ... } |
@ -93,6 +98,55 @@
 | captures.cpp:16:13:16:49 | // `x` is unused, but still captured. |
 | captures.cpp:17:5:17:5 | return ... |
 | captures.cpp:18:3:18:3 | return ... |
+| captures.cpp:21:5:21:5 | d |
+| captures.cpp:21:5:21:5 | definition of d |
+| captures.cpp:21:11:21:11 | definition of x |
+| captures.cpp:21:11:21:11 | x |
+| captures.cpp:21:18:21:18 | definition of y |
+| captures.cpp:21:18:21:18 | y |
+| captures.cpp:21:21:27:1 | { ... } |
+| captures.cpp:22:3:24:4 | declaration |
+| captures.cpp:22:8:22:15 | definition of myLambda |
+| captures.cpp:22:8:22:15 | myLambda |
+| captures.cpp:22:18:24:3 | initializer for myLambda |
+| captures.cpp:22:19:22:19 | (constructor) |
+| captures.cpp:22:19:22:19 | (constructor) |
+| captures.cpp:22:19:22:19 | (constructor) |
+| captures.cpp:22:19:22:19 | Unknown literal |
+| captures.cpp:22:19:22:19 | Unknown literal |
+| captures.cpp:22:19:22:19 | constructor init of field x |
+| captures.cpp:22:19:22:19 | constructor init of field y |
+| captures.cpp:22:19:22:19 | declaration of (null) |
+| captures.cpp:22:19:22:19 | definition of (null) |
+| captures.cpp:22:19:22:19 | definition of (null) |
+| captures.cpp:22:19:22:19 | definition of operator= |
+| captures.cpp:22:19:22:19 | operator= |
+| captures.cpp:22:19:22:19 | return ... |
+| captures.cpp:22:19:22:19 | { ... } |
+| captures.cpp:22:19:24:3 | [...](...){...} |
+| captures.cpp:22:19:24:3 | {...} |
+| captures.cpp:22:23:22:23 | definition of x |
+| captures.cpp:22:23:22:23 | x |
+| captures.cpp:22:23:22:23 | x |
+| captures.cpp:22:23:22:23 | x |
+| captures.cpp:22:25:22:25 | definition of operator() |
+| captures.cpp:22:25:22:25 | operator() |
+| captures.cpp:22:30:22:30 | definition of z |
+| captures.cpp:22:30:22:30 | z |
+| captures.cpp:22:40:24:3 | { ... } |
+| captures.cpp:23:5:23:21 | return ... |
+| captures.cpp:23:12:23:16 | ... + ... |
+| captures.cpp:23:12:23:20 | ... + ... |
+| captures.cpp:23:16:23:16 | (reference dereference) |
+| captures.cpp:23:16:23:16 | definition of y |
+| captures.cpp:23:16:23:16 | y |
+| captures.cpp:23:16:23:16 | y |
+| captures.cpp:23:20:23:20 | z |
+| captures.cpp:26:3:26:24 | return ... |
+| captures.cpp:26:10:26:17 | (const lambda [] type at line 22, col. 19)... |
+| captures.cpp:26:10:26:17 | myLambda |
+| captures.cpp:26:18:26:18 | call to operator() |
+| captures.cpp:26:19:26:22 | 1000 |
 | end_pos.cpp:0:0:0:0 | end_pos.cpp |
 | end_pos.cpp:2:1:2:14 | #define OPEN { |
 | end_pos.cpp:3:6:3:10 | definition of igFun |
@ -129,6 +183,7 @@
 | end_pos.cpp:9:17:9:17 | ii |
 | end_pos.cpp:9:17:9:18 | (reference to) |
 | end_pos.cpp:9:17:9:18 | ii |
+| end_pos.cpp:9:17:9:18 | ii |
 | end_pos.cpp:9:20:9:20 | definition of operator() |
 | end_pos.cpp:9:20:9:20 | operator() |
 | end_pos.cpp:9:27:11:5 | { ... } |
@ -139,8 +194,13 @@
 | file://:0:0:0:0 | (captured this) |
 | file://:0:0:0:0 | (captured this) |
 | file://:0:0:0:0 | (global namespace) |
+| file://:0:0:0:0 | (reference to) |
+| file://:0:0:0:0 | ..()(..) |
 | file://:0:0:0:0 | ..()(..) |
 | file://:0:0:0:0 | ..(*)(..) |
+| file://:0:0:0:0 | ..(*)(..) |
+| file://:0:0:0:0 | ..(*)(..) |
+| file://:0:0:0:0 | ..(..) |
 | file://:0:0:0:0 | __va_list_tag |
 | file://:0:0:0:0 | __va_list_tag & |
 | file://:0:0:0:0 | __va_list_tag && |
@ -161,6 +221,10 @@
 | file://:0:0:0:0 | const lambda [] type at line 9, col. 15 & |
 | file://:0:0:0:0 | const lambda [] type at line 15, col. 5 |
 | file://:0:0:0:0 | const lambda [] type at line 15, col. 5 & |
+| file://:0:0:0:0 | const lambda [] type at line 22, col. 19 |
+| file://:0:0:0:0 | const lambda [] type at line 22, col. 19 & |
+| file://:0:0:0:0 | const lambda [] type at line 22, col. 19 * |
+| file://:0:0:0:0 | const lambda [] type at line 22, col. 19 *const |
 | file://:0:0:0:0 | declaration of 1st parameter |
 | file://:0:0:0:0 | declaration of 1st parameter |
 | file://:0:0:0:0 | declaration of 1st parameter |
@ -175,6 +239,10 @@
 | file://:0:0:0:0 | declaration of 1st parameter |
 | file://:0:0:0:0 | declaration of 1st parameter |
 | file://:0:0:0:0 | declaration of 1st parameter |
+| file://:0:0:0:0 | declaration of 1st parameter |
+| file://:0:0:0:0 | declaration of 1st parameter |
+| file://:0:0:0:0 | declaration of 1st parameter |
+| file://:0:0:0:0 | decltype([...](...){...}) |
 | file://:0:0:0:0 | decltype([...](...){...}) |
 | file://:0:0:0:0 | decltype([...](...){...}) |
 | file://:0:0:0:0 | decltype([...](...){...}) |
@ -200,6 +268,9 @@
 | file://:0:0:0:0 | lambda [] type at line 9, col. 15 && |
 | file://:0:0:0:0 | lambda [] type at line 15, col. 5 & |
 | file://:0:0:0:0 | lambda [] type at line 15, col. 5 && |
+| file://:0:0:0:0 | lambda [] type at line 22, col. 19 & |
+| file://:0:0:0:0 | lambda [] type at line 22, col. 19 && |
+| file://:0:0:0:0 | lambda [] type at line 22, col. 19 * |
 | file://:0:0:0:0 | operator= |
 | file://:0:0:0:0 | operator= |
 | file://:0:0:0:0 | overflow_arg_area |
@ -219,13 +290,21 @@
 | file://:0:0:0:0 | p#0 |
 | file://:0:0:0:0 | p#0 |
 | file://:0:0:0:0 | p#0 |
+| file://:0:0:0:0 | p#0 |
+| file://:0:0:0:0 | p#0 |
+| file://:0:0:0:0 | p#0 |
 | file://:0:0:0:0 | reg_save_area |
 | file://:0:0:0:0 | this |
 | file://:0:0:0:0 | this |
 | file://:0:0:0:0 | this |
 | file://:0:0:0:0 | this |
 | file://:0:0:0:0 | this |
+| file://:0:0:0:0 | this |
+| file://:0:0:0:0 | this |
 | file://:0:0:0:0 | void * |
 | file://:0:0:0:0 | x |
 | file://:0:0:0:0 | x |
 | file://:0:0:0:0 | x |
+| file://:0:0:0:0 | x |
+| file://:0:0:0:0 | y |
+| file://:0:0:0:0 | y |
--- a/cpp/upgrades/c3e69834734e3ef4170e996c5b96a89619799346/old.dbscheme
+++ b/cpp/upgrades/c3e69834734e3ef4170e996c5b96a89619799346/old.dbscheme
--- a/cpp/upgrades/c3e69834734e3ef4170e996c5b96a89619799346/semmlecode.cpp.dbscheme
+++ b/cpp/upgrades/c3e69834734e3ef4170e996c5b96a89619799346/semmlecode.cpp.dbscheme
--- a/cpp/upgrades/c3e69834734e3ef4170e996c5b96a89619799346/upgrade.properties
+++ b/cpp/upgrades/c3e69834734e3ef4170e996c5b96a89619799346/upgrade.properties
@ -0,0 +1,2 @@
+description: LambdaCaptures are now Elements.
+compatibility: full
--- a/javascript/ql/src/JSDoc/UndocumentedParameter.ql
+++ b/javascript/ql/src/JSDoc/UndocumentedParameter.ql
@ -8,7 +8,7 @@
 * @tags maintainability
 *       readability
 *       documentation
- * @precision medium
+ * @precision high
 */

 import javascript
@ -22,6 +22,6 @@ where
  exists(doc.getATag().(JSDocParamTag).getDocumentedParameter()) and
  // but v is not
  not doc.getATag().(JSDocParamTag).getDocumentedParameter() = v and
-  // don't report a violation in ambiguous cases
+  // don't report an alert in ambiguous cases
  strictcount(JSDoc d | d = f.getDocumentation() and d.getATag() instanceof JSDocParamTag) = 1
 select parm, "Parameter " + v.getName() + " is not documented."
--- a/python/ql/src/semmle/python/types/Extensions.qll
+++ b/python/ql/src/semmle/python/types/Extensions.qll
@ -128,6 +128,20 @@ class BottleRoutePointToExtension extends PointsToExtension {

 /* Python 3.6+ regex module constants */

+string short_flag(string flag) {
+    (flag = "ASCII" or
+     flag = "IGNORECASE" or
+     flag = "LOCALE" or
+     flag = "UNICODE" or
+     flag = "MULTILINE" or
+     flag = "TEMPLATE")
+    and result = flag.prefix(1)
+    or
+    flag = "DOTALL" and result = "S"
+    or
+    flag = "VERBOSE" and result = "X"
+}
+
 class ReModulePointToExtension extends PointsToExtension {

    string name;
@ -139,9 +153,10 @@ class ReModulePointToExtension extends PointsToExtension {
    }

    override predicate pointsTo(Context context, ObjectInternal value, ControlFlowNode origin) {
-        exists(ModuleObjectInternal sre_constants, CfgOrigin orig |
+        exists(ModuleObjectInternal sre_constants, CfgOrigin orig, string flag |
+            (name = flag or name = short_flag(flag)) and
            sre_constants.getName() = "sre_constants" and
-            sre_constants.attribute("SRE_FLAG_" + name, value, orig) and
+            sre_constants.attribute("SRE_FLAG_" + flag, value, orig) and
            origin = orig.asCfgNodeOrHere(this)
        )
        and pointsTo_helper(context)
--- a/python/ql/test/library-tests/regex/Mode.expected
+++ b/python/ql/test/library-tests/regex/Mode.expected
@ -7,3 +7,4 @@
 | 50 | VERBOSE |
 | 51 | UNICODE |
 | 52 | UNICODE |
+| 64 | MULTILINE |
--- a/python/ql/test/library-tests/regex/test.py
+++ b/python/ql/test/library-tests/regex/test.py
@ -60,3 +60,5 @@ re.compile(r'(?:(?P<n1>^(?:|x)))')

 #Misparsed on LGTM
 re.compile(r"\[(?P<txt>[^[]*)\]\((?P<uri>[^)]*)")
+
+re.compile("", re.M) # ODASA-8056