Merge pull request #15835 from MathiasVP/initial-def-of-addresses
C++: Provide an initial SSA definition of the address of a variable
MathiasVP authored Mar 11, 2024
2 parents 00c2285 + a548316 commit 73c4fe0
Showing 12 changed files with 277 additions and 29 deletions.
57 changes: 49 additions & 8 deletions cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll
@@ -103,6 +103,7 @@ predicate hasRawIndirectInstruction(Instruction instr, int indirectionIndex) {

cached
private newtype TDefOrUseImpl =
TDefAddressImpl(BaseIRVariable v) or
TDefImpl(BaseSourceVariableInstruction base, Operand address, int indirectionIndex) {
isDef(_, _, address, base, _, indirectionIndex)
} or
@@ -256,23 +257,63 @@ private predicate sourceVariableHasBaseAndIndex(SourceVariable v, BaseSourceVari
}

abstract class DefImpl extends DefOrUseImpl {
Operand address;
int ind;

bindingset[ind]
DefImpl() { any() }

override int getIndirectionIndex() { result = ind }

override string toString() { result = "Def of " + this.getSourceVariable() }

abstract int getIndirection();

abstract predicate isCertain();

abstract Node0Impl getValue();
}

abstract predicate isCertain();
/** An initial definition of an `IRVariable`'s address. */
private class DefAddressImpl extends DefImpl, TDefAddressImpl {
BaseIRVariable v;

Operand getAddressOperand() { result = address }
DefAddressImpl() {
this = TDefAddressImpl(v) and
ind = 0
}

override int getIndirectionIndex() { result = ind }
final override int getIndirection() { result = 0 }

override string toString() { result = "Def of " + this.getSourceVariable() }
final override predicate isCertain() { any() }

final override Node0Impl getValue() { none() }

final override predicate hasIndexInBlock(IRBlock block, int index) {
block = v.getIRVariable().getEnclosingIRFunction().getEntryBlock() and
index = 0
}

override Cpp::Location getLocation() { result = v.getIRVariable().getLocation() }

final override SourceVariable getSourceVariable() {
result.getBaseVariable() = v and
result.getIndirection() = 0
}

final override BaseSourceVariableInstruction getBase() { none() }
}

/**
* An SSA definition that has an associated `Operand` representing the address
* that is being written to.
*/
abstract private class OperandBasedDef extends DefImpl {
Operand address;

bindingset[ind]
OperandBasedDef() { any() }

Operand getAddressOperand() { result = address }

override Cpp::Location getLocation() { result = this.getAddressOperand().getUse().getLocation() }

@@ -281,7 +322,7 @@ abstract class DefImpl extends DefOrUseImpl {
}
}

private class DirectDef extends DefImpl, TDefImpl {
private class DirectDef extends OperandBasedDef, TDefImpl {
BaseSourceVariableInstruction base;

DirectDef() { this = TDefImpl(base, address, ind) }
@@ -295,7 +336,7 @@ private class DirectDef extends DefImpl, TDefImpl {
override predicate isCertain() { isDef(true, _, address, base, _, ind) }
}

private class IteratorDef extends DefImpl, TIteratorDef {
private class IteratorDef extends OperandBasedDef, TIteratorDef {
BaseSourceVariableInstruction container;

IteratorDef() { this = TIteratorDef(address, container, ind) }
@@ -1178,7 +1219,7 @@ class UseOrPhi extends SsaDefOrUse {
class Def extends DefOrUse {
override DefImpl defOrUse;

Operand getAddressOperand() { result = defOrUse.getAddressOperand() }
Operand getAddressOperand() { result = defOrUse.(OperandBasedDef).getAddressOperand() }

Instruction getAddress() { result = this.getAddressOperand().getDef() }

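Review bot: `Def.getAddressOperand()` now casts `defOrUse` to `OperandBasedDef`, so it and `getAddress()` (defined through it) silently have no result for the new `DefAddressImpl`, and nothing on the predicate says so. A QLDoc such as `/** Gets the address operand of this definition, if any. Has no result for the initial definition of a variable's address. */` would stop callers from assuming every `Def` has an address. The same goes for `DefAddressImpl.getValue()` and `getBase()`, which are `none()`: any consumer that joins on them will presumably drop these definitions without a diagnostic, so a one-line comment on each explaining the absence is worth adding. As a style point, `getLocation()` is the only override in `DefAddressImpl` that is not marked `final`.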
@@ -166,6 +166,8 @@ postWithInFlow
| test.cpp:932:5:932:19 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:932:6:932:19 | global_pointer [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1045:9:1045:11 | ref arg buf | PostUpdateNode should not be the target of local flow. |
| test.cpp:1051:5:1051:11 | content [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1052:9:1052:9 | a [inner post update] | PostUpdateNode should not be the target of local flow. |
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
@@ -0,0 +1,197 @@
| example.c:15:37:15:37 | **b | example.c:15:37:15:37 | **b |
| example.c:15:37:15:37 | **b | example.c:15:37:15:37 | **b |
| example.c:15:37:15:37 | **b | example.c:15:37:15:37 | *b |
| example.c:15:37:15:37 | **b | example.c:19:6:19:6 | *b |
| example.c:15:37:15:37 | *b | example.c:15:37:15:37 | **b |
| example.c:15:37:15:37 | *b | example.c:15:37:15:37 | *b |
| example.c:15:37:15:37 | *b | example.c:15:37:15:37 | *b |
| example.c:15:37:15:37 | *b | example.c:15:37:15:37 | b |
| example.c:15:37:15:37 | *b | example.c:19:6:19:6 | b |
| example.c:15:37:15:37 | b | example.c:15:37:15:37 | *b |
| example.c:15:37:15:37 | b | example.c:15:37:15:37 | b |
| example.c:15:37:15:37 | b | example.c:15:37:15:37 | b |
| example.c:15:37:15:37 | b | example.c:19:6:19:6 | b |
| example.c:15:44:15:46 | pos | example.c:24:24:24:26 | pos |
| example.c:17:11:17:16 | *definition of coords | example.c:17:11:17:16 | *definition of coords |
| example.c:17:11:17:16 | *definition of coords | example.c:17:11:17:16 | *definition of coords |
| example.c:17:11:17:16 | *definition of coords | example.c:17:11:17:16 | *definition of coords |
| example.c:17:11:17:16 | *definition of coords | example.c:17:11:17:16 | *definition of coords |
| example.c:17:11:17:16 | *definition of coords | example.c:24:13:24:18 | *coords |
| example.c:17:11:17:16 | *definition of coords [post update] | example.c:17:11:17:16 | *definition of coords |
| example.c:17:11:17:16 | *definition of coords [post update] | example.c:24:13:24:18 | *coords |
| example.c:17:11:17:16 | definition of coords | example.c:17:11:17:16 | *definition of coords |
| example.c:17:11:17:16 | definition of coords | example.c:17:11:17:16 | definition of coords |
| example.c:17:11:17:16 | definition of coords | example.c:17:11:17:16 | definition of coords |
| example.c:17:11:17:16 | definition of coords | example.c:17:11:17:16 | definition of coords |
| example.c:17:11:17:16 | definition of coords | example.c:17:11:17:16 | definition of coords |
| example.c:17:11:17:16 | definition of coords | example.c:24:13:24:18 | coords |
| example.c:17:11:17:16 | definition of coords [post update] | example.c:17:11:17:16 | definition of coords |
| example.c:17:11:17:16 | definition of coords [post update] | example.c:24:13:24:18 | coords |
| example.c:17:19:17:22 | {...} | example.c:17:19:17:22 | {...} |
| example.c:17:21:17:21 | 0 | example.c:17:21:17:21 | 0 |
| example.c:19:6:19:6 | *b | example.c:15:37:15:37 | *b |
| example.c:19:6:19:6 | *b [post update] | example.c:15:37:15:37 | *b |
| example.c:19:6:19:6 | *b [post update] | example.c:19:6:19:6 | *b |
| example.c:19:6:19:6 | b [post update] | example.c:19:6:19:6 | b |
| example.c:24:2:24:7 | *coords | example.c:26:18:26:24 | *& ... |
| example.c:24:2:24:7 | *coords [post update] | example.c:26:18:26:24 | *& ... |
| example.c:24:2:24:7 | coords | example.c:26:18:26:24 | & ... |
| example.c:24:2:24:7 | coords [post update] | example.c:26:18:26:24 | & ... |
| example.c:24:13:24:18 | *coords | example.c:24:2:24:7 | *coords |
| example.c:24:13:24:18 | *coords [post update] | example.c:24:2:24:7 | *coords |
| example.c:24:13:24:18 | coords | example.c:24:2:24:7 | coords |
| example.c:24:13:24:18 | coords [post update] | example.c:24:2:24:7 | coords |
| example.c:24:13:24:30 | ... = ... | example.c:24:2:24:30 | ... = ... |
| example.c:24:20:24:20 | *y | example.c:24:20:24:20 | *y |
| example.c:24:20:24:20 | y | example.c:24:20:24:20 | y |
| example.c:24:20:24:20 | y | example.c:24:20:24:20 | y |
| example.c:24:24:24:26 | pos | example.c:28:14:28:25 | & ... |
| example.c:24:24:24:26 | pos | example.c:28:14:28:25 | *& ... |
| example.c:24:24:24:30 | ... + ... | example.c:24:13:24:30 | ... = ... |
| example.c:26:13:26:16 | call to getX | example.c:26:2:26:25 | ... = ... |
| example.c:26:18:26:24 | & ... | example.c:26:2:26:7 | coords |
| example.c:26:18:26:24 | *& ... | example.c:26:2:26:7 | *coords |
| example.c:26:18:26:24 | getX output argument | example.c:26:2:26:7 | *coords |
| example.c:26:18:26:24 | pointer to getX output argument | example.c:26:2:26:7 | coords |
| example.c:26:19:26:24 | *coords | example.c:26:18:26:24 | *& ... |
| example.c:26:19:26:24 | coords | example.c:26:18:26:24 | & ... |
| example.c:28:22:28:25 | & ... | example.c:28:14:28:25 | & ... |
| example.c:28:22:28:25 | *& ... | example.c:28:14:28:25 | *& ... |
| example.c:28:23:28:25 | *pos | example.c:28:22:28:25 | *& ... |
| example.c:28:23:28:25 | pos | example.c:28:22:28:25 | & ... |
| test.cpp:6:12:6:17 | call to source | test.cpp:6:12:6:17 | call to source |
| test.cpp:6:12:6:17 | call to source | test.cpp:7:8:7:9 | t1 |
| test.cpp:7:8:7:9 | t1 | test.cpp:8:8:8:9 | t1 |
| test.cpp:7:8:7:9 | t1 | test.cpp:8:8:8:9 | t1 |
| test.cpp:8:3:8:9 | ... = ... | test.cpp:10:8:10:9 | t2 |
| test.cpp:8:8:8:9 | t1 | test.cpp:8:3:8:9 | ... = ... |
| test.cpp:8:8:8:9 | t1 | test.cpp:9:8:9:9 | t1 |
| test.cpp:8:8:8:9 | t1 | test.cpp:9:8:9:9 | t1 |
| test.cpp:9:8:9:9 | t1 | test.cpp:11:7:11:8 | t1 |
| test.cpp:9:8:9:9 | t1 | test.cpp:11:7:11:8 | t1 |
| test.cpp:10:8:10:9 | t2 | test.cpp:13:10:13:11 | t2 |
| test.cpp:10:8:10:9 | t2 | test.cpp:15:3:15:6 | Phi |
| test.cpp:10:8:10:9 | t2 | test.cpp:15:3:15:6 | Phi |
| test.cpp:11:7:11:8 | t1 | test.cpp:21:8:21:9 | t1 |
| test.cpp:12:5:12:10 | ... = ... | test.cpp:13:10:13:11 | t2 |
| test.cpp:12:10:12:10 | 0 | test.cpp:12:5:12:10 | ... = ... |
| test.cpp:13:10:13:11 | t2 | test.cpp:15:3:15:6 | Phi |
| test.cpp:13:10:13:11 | t2 | test.cpp:15:3:15:6 | Phi |
| test.cpp:15:3:15:6 | Phi | test.cpp:15:8:15:9 | t2 |
| test.cpp:15:3:15:6 | Phi | test.cpp:15:8:15:9 | t2 |
| test.cpp:15:8:15:9 | t2 | test.cpp:23:19:23:19 | Phi |
| test.cpp:15:8:15:9 | t2 | test.cpp:23:19:23:19 | Phi |
| test.cpp:17:3:17:8 | ... = ... | test.cpp:21:8:21:9 | t1 |
| test.cpp:17:8:17:8 | 0 | test.cpp:17:3:17:8 | ... = ... |
| test.cpp:21:8:21:9 | t1 | test.cpp:23:19:23:19 | Phi |
| test.cpp:21:8:21:9 | t1 | test.cpp:23:19:23:19 | Phi |
| test.cpp:23:15:23:16 | 0 | test.cpp:23:15:23:16 | 0 |
| test.cpp:23:15:23:16 | 0 | test.cpp:23:19:23:19 | Phi |
| test.cpp:23:19:23:19 | Phi | test.cpp:23:19:23:19 | i |
| test.cpp:23:19:23:19 | Phi | test.cpp:23:19:23:19 | i |
| test.cpp:23:19:23:19 | Phi | test.cpp:23:23:23:24 | t1 |
| test.cpp:23:19:23:19 | Phi | test.cpp:23:23:23:24 | t1 |
| test.cpp:23:19:23:19 | Phi | test.cpp:24:10:24:11 | t2 |
| test.cpp:23:19:23:19 | Phi | test.cpp:24:10:24:11 | t2 |
| test.cpp:23:19:23:19 | i | test.cpp:23:27:23:27 | i |
| test.cpp:23:19:23:19 | i | test.cpp:23:27:23:27 | i |
| test.cpp:23:23:23:24 | t1 | test.cpp:23:19:23:19 | Phi |
| test.cpp:23:23:23:24 | t1 | test.cpp:26:8:26:9 | t1 |
| test.cpp:23:23:23:24 | t1 | test.cpp:26:8:26:9 | t1 |
| test.cpp:23:27:23:27 | *i | test.cpp:23:27:23:27 | *i |
| test.cpp:23:27:23:27 | *i | test.cpp:23:27:23:27 | i |
| test.cpp:23:27:23:27 | i | test.cpp:23:19:23:19 | Phi |
| test.cpp:23:27:23:27 | i | test.cpp:23:27:23:27 | i |
| test.cpp:23:27:23:27 | i | test.cpp:23:27:23:27 | i |
| test.cpp:23:27:23:29 | ... ++ | test.cpp:23:19:23:19 | Phi |
| test.cpp:23:27:23:29 | ... ++ | test.cpp:23:27:23:29 | ... ++ |
| test.cpp:24:5:24:11 | ... = ... | test.cpp:23:19:23:19 | Phi |
| test.cpp:24:10:24:11 | t2 | test.cpp:23:19:23:19 | Phi |
| test.cpp:24:10:24:11 | t2 | test.cpp:23:19:23:19 | Phi |
| test.cpp:24:10:24:11 | t2 | test.cpp:24:5:24:11 | ... = ... |
| test.cpp:382:48:382:54 | source1 | test.cpp:384:16:384:23 | *& ... |
| test.cpp:383:12:383:13 | 0 | test.cpp:383:12:383:13 | 0 |
| test.cpp:383:12:383:13 | 0 | test.cpp:384:10:384:13 | *& ... |
| test.cpp:384:10:384:13 | & ... | test.cpp:384:3:384:8 | call to memcpy |
| test.cpp:384:10:384:13 | & ... | test.cpp:384:10:384:13 | & ... |
| test.cpp:384:10:384:13 | & ... | test.cpp:385:8:385:10 | tmp |
| test.cpp:384:10:384:13 | *& ... | test.cpp:384:10:384:13 | *& ... |
| test.cpp:384:10:384:13 | memcpy output argument | test.cpp:385:8:385:10 | tmp |
| test.cpp:384:10:384:13 | pointer to memcpy output argument | test.cpp:385:8:385:10 | tmp |
| test.cpp:384:11:384:13 | *tmp | test.cpp:384:10:384:13 | *& ... |
| test.cpp:384:11:384:13 | tmp | test.cpp:384:10:384:13 | & ... |
| test.cpp:384:16:384:23 | & ... | test.cpp:384:16:384:23 | & ... |
| test.cpp:384:16:384:23 | *& ... | test.cpp:384:3:384:8 | **call to memcpy |
| test.cpp:384:16:384:23 | *& ... | test.cpp:384:3:384:8 | *call to memcpy |
| test.cpp:384:16:384:23 | *& ... | test.cpp:384:10:384:13 | memcpy output argument |
| test.cpp:384:16:384:23 | *& ... | test.cpp:384:16:384:23 | *& ... |
| test.cpp:384:16:384:23 | **(const void *)... | test.cpp:384:3:384:8 | **call to memcpy |
| test.cpp:384:16:384:23 | **(const void *)... | test.cpp:384:10:384:13 | memcpy output argument |
| test.cpp:384:17:384:23 | *source1 | test.cpp:384:16:384:23 | *& ... |
| test.cpp:384:17:384:23 | source1 | test.cpp:384:16:384:23 | & ... |
| test.cpp:388:53:388:59 | source1 | test.cpp:391:16:391:23 | *& ... |
| test.cpp:388:66:388:66 | b | test.cpp:393:7:393:7 | b |
| test.cpp:389:12:389:13 | 0 | test.cpp:389:12:389:13 | 0 |
| test.cpp:389:12:389:13 | 0 | test.cpp:390:18:390:21 | *& ... |
| test.cpp:390:18:390:21 | & ... | test.cpp:390:18:390:21 | & ... |
| test.cpp:390:18:390:21 | & ... | test.cpp:391:10:391:13 | & ... |
| test.cpp:390:18:390:21 | *& ... | test.cpp:390:18:390:21 | *& ... |
| test.cpp:390:18:390:21 | *& ... | test.cpp:391:10:391:13 | *& ... |
| test.cpp:390:19:390:21 | *tmp | test.cpp:390:18:390:21 | *& ... |
| test.cpp:390:19:390:21 | tmp | test.cpp:390:18:390:21 | & ... |
| test.cpp:391:10:391:13 | & ... | test.cpp:391:3:391:8 | call to memcpy |
| test.cpp:391:10:391:13 | & ... | test.cpp:391:10:391:13 | & ... |
| test.cpp:391:10:391:13 | & ... | test.cpp:392:8:392:10 | tmp |
| test.cpp:391:10:391:13 | *& ... | test.cpp:391:10:391:13 | *& ... |
| test.cpp:391:10:391:13 | memcpy output argument | test.cpp:392:8:392:10 | tmp |
| test.cpp:391:10:391:13 | pointer to memcpy output argument | test.cpp:392:8:392:10 | tmp |
| test.cpp:391:11:391:13 | *tmp | test.cpp:391:10:391:13 | *& ... |
| test.cpp:391:11:391:13 | tmp | test.cpp:391:10:391:13 | & ... |
| test.cpp:391:16:391:23 | & ... | test.cpp:391:16:391:23 | & ... |
| test.cpp:391:16:391:23 | *& ... | test.cpp:391:3:391:8 | **call to memcpy |
| test.cpp:391:16:391:23 | *& ... | test.cpp:391:3:391:8 | *call to memcpy |
| test.cpp:391:16:391:23 | *& ... | test.cpp:391:10:391:13 | memcpy output argument |
| test.cpp:391:16:391:23 | *& ... | test.cpp:391:16:391:23 | *& ... |
| test.cpp:391:16:391:23 | **(const void *)... | test.cpp:391:3:391:8 | **call to memcpy |
| test.cpp:391:16:391:23 | **(const void *)... | test.cpp:391:10:391:13 | memcpy output argument |
| test.cpp:391:17:391:23 | *source1 | test.cpp:391:16:391:23 | *& ... |
| test.cpp:391:17:391:23 | source1 | test.cpp:391:16:391:23 | & ... |
| test.cpp:392:8:392:10 | tmp | test.cpp:394:10:394:12 | tmp |
| test.cpp:392:8:392:10 | tmp | test.cpp:394:10:394:12 | tmp |
| test.cpp:487:67:487:67 | **s | test.cpp:487:67:487:67 | **s |
| test.cpp:487:67:487:67 | **s | test.cpp:487:67:487:67 | **s |
| test.cpp:487:67:487:67 | **s | test.cpp:487:67:487:67 | *s |
| test.cpp:487:67:487:67 | **s | test.cpp:488:21:488:21 | *s |
| test.cpp:487:67:487:67 | *s | test.cpp:487:67:487:67 | **s |
| test.cpp:487:67:487:67 | *s | test.cpp:487:67:487:67 | *s |
| test.cpp:487:67:487:67 | *s | test.cpp:487:67:487:67 | *s |
| test.cpp:487:67:487:67 | *s | test.cpp:487:67:487:67 | s |
| test.cpp:487:67:487:67 | *s | test.cpp:488:21:488:21 | s |
| test.cpp:487:67:487:67 | s | test.cpp:487:67:487:67 | *s |
| test.cpp:487:67:487:67 | s | test.cpp:487:67:487:67 | s |
| test.cpp:487:67:487:67 | s | test.cpp:487:67:487:67 | s |
| test.cpp:487:67:487:67 | s | test.cpp:488:21:488:21 | s |
| test.cpp:488:21:488:21 | *s | test.cpp:489:20:489:20 | *s |
| test.cpp:488:21:488:21 | *s [post update] | test.cpp:489:20:489:20 | *s |
| test.cpp:488:21:488:21 | s | test.cpp:489:20:489:20 | s |
| test.cpp:488:21:488:21 | s | test.cpp:489:20:489:20 | s |
| test.cpp:488:21:488:21 | s [post update] | test.cpp:489:20:489:20 | s |
| test.cpp:488:24:488:30 | *content | test.cpp:488:21:488:30 | *content |
| test.cpp:488:24:488:30 | content | test.cpp:488:21:488:30 | content |
| test.cpp:489:20:489:20 | *s | test.cpp:487:67:487:67 | *s |
| test.cpp:489:20:489:20 | *s [post update] | test.cpp:487:67:487:67 | *s |
| test.cpp:489:20:489:20 | *s [post update] | test.cpp:489:20:489:20 | *s |
| test.cpp:489:20:489:20 | s [post update] | test.cpp:489:20:489:20 | s |
| test.cpp:489:23:489:29 | *content | test.cpp:489:23:489:29 | *content |
| test.cpp:489:23:489:29 | *content | test.cpp:490:8:490:17 | * ... |
| test.cpp:489:23:489:29 | content | test.cpp:489:23:489:29 | content |
| test.cpp:489:23:489:29 | content | test.cpp:490:9:490:17 | p_content |
| test.cpp:1050:12:1050:12 | definition of a | test.cpp:1051:3:1051:3 | *a |
| test.cpp:1051:3:1051:3 | *a | test.cpp:1052:8:1052:9 | *& ... |
| test.cpp:1051:3:1051:3 | *a [post update] | test.cpp:1052:8:1052:9 | *& ... |
| test.cpp:1051:3:1051:3 | a | test.cpp:1052:8:1052:9 | & ... |
| test.cpp:1051:3:1051:3 | a [post update] | test.cpp:1052:8:1052:9 | & ... |
| test.cpp:1051:15:1051:21 | 0 | test.cpp:1051:3:1051:21 | ... = ... |
| test.cpp:1051:15:1051:21 | *0 | test.cpp:1051:3:1051:21 | *... = ... |
| test.cpp:1052:9:1052:9 | *a | test.cpp:1052:8:1052:9 | *& ... |
| test.cpp:1052:9:1052:9 | a | test.cpp:1052:8:1052:9 | & ... |
@@ -0,0 +1,8 @@
import cpp
import semmle.code.cpp.dataflow.new.DataFlow

from DataFlow::Node nodeFrom, DataFlow::Node nodeTo
where
DataFlow::localFlowStep(nodeFrom, nodeTo) and
nodeFrom.getFunction().getName().matches("%\\_with\\_local\\_flow")
select nodeFrom, nodeTo
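Review bot: The query carries no QLDoc or comment explaining that the `%\\_with\\_local\\_flow` name suffix is what opts a test function into this listing, and `flow_out_of_address_with_local_flow` in test.cpp relies on the same convention without saying so. A header comment such as `// Lists local flow steps that start in functions whose name ends in "_with_local_flow".` would make that coupling visible to whoever adds the next test. Only `nodeFrom` is constrained, and nodes for which `getFunction()` has no result are excluded; if both are intended, the comment could state it.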
@@ -81,3 +81,10 @@ WARNING: Module DataFlow has been deprecated and may be removed in future (local
| test.cpp:488:21:488:21 | s [post update] | test.cpp:489:20:489:20 | s |
| test.cpp:488:24:488:30 | ref arg content | test.cpp:489:23:489:29 | content |
| test.cpp:489:23:489:29 | content | test.cpp:490:9:490:17 | p_content |
| test.cpp:1050:12:1050:12 | a | test.cpp:1051:3:1051:3 | a |
| test.cpp:1050:12:1050:12 | a | test.cpp:1052:9:1052:9 | a |
| test.cpp:1051:3:1051:3 | a [post update] | test.cpp:1052:9:1052:9 | a |
| test.cpp:1051:3:1051:21 | ... = ... | test.cpp:1051:5:1051:11 | content [post update] |
| test.cpp:1051:15:1051:21 | 0 | test.cpp:1051:3:1051:21 | ... = ... |
| test.cpp:1052:8:1052:9 | ref arg & ... | test.cpp:1052:9:1052:9 | a [inner post update] |
| test.cpp:1052:9:1052:9 | a | test.cpp:1052:8:1052:9 | & ... |
@@ -123,6 +123,7 @@ astFlow
| test.cpp:842:11:842:16 | call to source | test.cpp:844:8:844:8 | y |
| test.cpp:846:13:846:27 | call to indirect_source | test.cpp:848:23:848:25 | rpx |
| test.cpp:860:54:860:59 | call to source | test.cpp:861:10:861:37 | static_local_pointer_dynamic |
| test.cpp:1050:12:1050:12 | a | test.cpp:1052:8:1052:9 | & ... |
| true_upon_entry.cpp:17:11:17:16 | call to source | true_upon_entry.cpp:21:8:21:8 | x |
| true_upon_entry.cpp:27:9:27:14 | call to source | true_upon_entry.cpp:29:8:29:8 | x |
| true_upon_entry.cpp:33:11:33:16 | call to source | true_upon_entry.cpp:39:8:39:8 | x |
6 changes: 6 additions & 0 deletions cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
@@ -1044,4 +1044,10 @@ void* memset(void*, int, size_t);
void memset_test(char* buf) { // $ ast-def=buf ir-def=*buf
memset(buf, source(), 10);
sink(*buf); // $ ir MISSING: ast
}

void flow_out_of_address_with_local_flow() {
MyStruct a;
a.content = nullptr;
sink(&a); // $ SPURIOUS: ast
}
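Review bot: The `// $ SPURIOUS: ast` annotation on `sink(&a)` does not record what the spurious source is or why the IR library is expected to report nothing here. Judging from the `astFlow` expected row added in this commit, the AST library appears to treat the declaration of `a` as the source; a comment above the call such as `// a is never assigned a source; only the AST library reports its declaration flowing to &a` would capture that. The test also covers only a local struct with one field write before its address is taken, so an address taken with no preceding write is not exercised by this function.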
@@ -54,3 +54,5 @@
| test.cpp:796:12:796:12 | a | test.cpp:797:20:797:20 | a |
| test.cpp:796:12:796:12 | a | test.cpp:797:31:797:31 | a |
| test.cpp:796:12:796:12 | a | test.cpp:798:17:798:17 | a |
| test.cpp:1050:12:1050:12 | a | test.cpp:1051:3:1051:3 | a |
| test.cpp:1050:12:1050:12 | a | test.cpp:1052:9:1052:9 | a |