
Commit 2b19a48

Merge pull request #3880 from hvitved/dataflow/precise-aps
Data flow: Precise access paths
2 parents a92a701 + 27fc610 commit 2b19a48

31 files changed

Lines changed: 6505 additions & 4339 deletions

File tree

cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll: 292 additions & 188 deletions
cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll: 292 additions & 188 deletions
cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll: 292 additions & 188 deletions
cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll: 292 additions & 188 deletions
cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll: 292 additions & 188 deletions
cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll: 292 additions & 188 deletions
cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll: 292 additions & 188 deletions
cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll: 292 additions & 188 deletions
cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll: 292 additions & 188 deletions

Large diffs are not rendered by default for the nine DataFlowImpl*.qll files above (identical copies of the shared data flow library); only the test file below is shown.

cpp/ql/test/library-tests/dataflow/fields/complex.cpp

Lines changed: 2 additions & 11 deletions
@@ -39,17 +39,8 @@ void sink(int x)
3939

4040
void bar(Outer &b)
4141
{
42-
// The library correctly finds that the four `user_input` sources can make it
43-
// to the `sink` calls, but it also finds some source/sink combinations that
44-
// are impossible. Those false positives here are a consequence of how the
45-
// shared data flow library overapproximates field flow. The library only
46-
// tracks the final two fields (`f` and `inner`) and the length (3) of the field
47-
// access path, and then it tracks that both `a_` and `b_` have followed `f.inner`
48-
// in _some_ access path somewhere in the search. That makes the library conclude
49-
// that there could be flow to `b.inner.f.a_` even when the flow was actually to
50-
// `b.inner.f.b_`.
51-
sink(b.inner.f.a()); // $ast=62:19 $f+:ast=63:19 $ast=64:19 $f+:ast=65:19 $ir=62:19 $f+:ir=63:19 $ir=64:19 $f+:ir=65:19
52-
sink(b.inner.f.b()); // $f+:ast=62:19 $ast=63:19 $f+:ast=64:19 $ast=65:19 $f+:ir=62:19 $ir=63:19 $f+:ir=64:19 $ir=65:19
42+
sink(b.inner.f.a()); // $ast=53:19 $ast=55:19 $ir=53:19 $ir=55:19
43+
sink(b.inner.f.b()); // $ast=54:19 $ast=56:19 $ir=54:19 $ir=56:19
5344
}
5445

5546
void foo()
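Review bot: the hunk deletes the whole nine-line comment in `bar` that documented why the old library reported impossible source/sink pairs (it tracked only the last two fields `f` and `inner` plus the access-path length, so `a_` and `b_` were conflated), without leaving any note of what the test is now asserting; consider keeping a one-line comment such as `// Each user_input source now reaches only the sink for its own field (no a_/b_ confusion).` so a future reader understands why `sink(b.inner.f.a())` expects exactly two sources. The expectation changes themselves look right: the `$f+:` (false-positive) markers disappear from both sink lines, each sink keeps exactly the two sources that actually reach it, and the referenced line numbers shift from `62:19`..`65:19` to `53:19`..`56:19`, which matches the nine lines removed above them.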
