
Commit 3e98623

committed
C++: No need for 'decodeUnknownContent' if we specify the MaD summary rows correctly. This avoids a bad join in a compiler-generated predicate.
1 parent 6513c33 commit 3e98623

2 files changed

Lines changed: 14 additions & 33 deletions


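--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll
@@ -45,12 +45,12 @@ module Input implements InputSig<Location, DataFlowImplSpecific::CppDataFlow> {
 
 string encodeWithoutContent(ContentSet c, string arg) {
 // used for type tracking, not currently used in C/C++.
-result = "WithoutContent" + c and arg = ""
+none()
 }
 
 string encodeWithContent(ContentSet c, string arg) {
 // used for type tracking, not currently used in C/C++.
-result = "WithContent" + c and arg = ""
+none()
 }
 
 /**
@@ -85,25 +85,6 @@ module Input implements InputSig<Location, DataFlowImplSpecific::CppDataFlow> {
 token.getName() = "Parameter" and
 result = decodePosition(token.getAnArgument())
 }
-
-bindingset[token]
-ContentSet decodeUnknownContent(AccessPath::AccessPathTokenBase token) {
-// field content (no indirection support)
-exists(FieldContent c |
-result.isSingleton(c) and
-token.getName() = c.getField().getName() and
-not exists(token.getArgumentList()) and
-c.getIndirectionIndex() = 1
-)
-or
-// field content (with indirection support)
-exists(FieldContent c |
-result.isSingleton(c) and
-token.getName() = c.getField().getName() and
-// FieldContent indices have 0 for the address, 1 for content, so we need to subtract one.
-token.getAnArgument() = repeatStars(c.getIndirectionIndex() - 1)
-)
-}
 }
 
 private import Make<Location, DataFlowImplSpecific::CppDataFlow, Input> as Impl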
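Review bot: With `decodeUnknownContent` removed at the end of the second hunk, a summary row that still spells a field as a bare token (`Argument[0].value`, `ptr[*]`) presumably no longer decodes to any content, so a model that was not migrated would lose its flow without an error; for a security query that shows up as a missed taint path rather than a failure. Only the test rows are converted in this commit, and whether other model rows use the old spelling is not visible from this page. I would state the contract where the predicate used to be, e.g. `// Field content must be written Field[name] or Field[*name]; bare field-name tokens are not decoded.`, and confirm that an unrecognised token is reported rather than silently dropped. The enclosing module `Input` starts outside the hunk.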

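--- a/cpp/ql/test/library-tests/dataflow/models-as-data/testModels.qll
+++ b/cpp/ql/test/library-tests/dataflow/models-as-data/testModels.qll
@@ -80,22 +80,22 @@ private class TestSummaries extends SummaryModelCsv {
 ";;false;madArgsComplex;;;Argument[*0..1,2];ReturnValue;taint",
 ";;false;madAndImplementedComplex;;;Argument[2];ReturnValue;taint",
 ";;false;madArgsAny;;;Argument;ReturnValue;taint", // (syntax not supported)
-";;false;madArg0FieldToReturn;;;Argument[0].value;ReturnValue;taint",
-";;false;madArg0IndirectFieldToReturn;;;Argument[*0].value;ReturnValue;taint",
-";;false;madArg0FieldIndirectToReturn;;;Argument[0].ptr[*];ReturnValue;taint",
-";;false;madArg0ToReturnField;;;Argument[0];ReturnValue.value;taint",
-";;false;madArg0ToReturnIndirectField;;;Argument[0];ReturnValue[*].value;taint",
-";;false;madArg0ToReturnFieldIndirect;;;Argument[0];ReturnValue.ptr[*];taint",
-";;false;madFieldToFieldVar;;;value;value2;taint",
-";;false;madFieldToIndirectFieldVar;;;value;ptr[*];taint",
-";;false;madIndirectFieldToFieldVar;;;;value;value2;taint", // not correctly expressed
+";;false;madArg0FieldToReturn;;;Argument[0].Field[value];ReturnValue;taint",
+";;false;madArg0IndirectFieldToReturn;;;Argument[*0].Field[value];ReturnValue;taint",
+";;false;madArg0FieldIndirectToReturn;;;Argument[0].Field[*ptr];ReturnValue;taint",
+";;false;madArg0ToReturnField;;;Argument[0];ReturnValue.Field[value];taint",
+";;false;madArg0ToReturnIndirectField;;;Argument[0];ReturnValue[*].Field[value];taint",
+";;false;madArg0ToReturnFieldIndirect;;;Argument[0];ReturnValue.Field[*ptr];taint",
+";;false;madFieldToFieldVar;;;Field[value];Field[value2];taint",
+";;false;madFieldToIndirectFieldVar;;;Field[value];Field[*ptr];taint",
+";;false;madIndirectFieldToFieldVar;;;;Field[value];Field[value2];taint", // not correctly expressed
 ";MyClass;true;madArg0ToSelf;;;Argument[0];Argument[-1];taint",
 ";MyClass;true;madSelfToReturn;;;Argument[-1];ReturnValue;taint",
-";MyClass;true;madArg0ToField;;;Argument[0];Argument[-1].val;taint",
-";MyClass;true;madFieldToReturn;;;Argument[-1].val;ReturnValue;taint",
+";MyClass;true;madArg0ToField;;;Argument[0];Argument[-1].Field[val];taint",
+";MyClass;true;madFieldToReturn;;;Argument[-1].Field[val];ReturnValue;taint",
 "MyNamespace;MyClass;true;namespaceMadSelfToReturn;;;Argument[-1];ReturnValue;taint",
 ";;false;madCallArg0ReturnToReturn;;;Argument[0].ReturnValue;ReturnValue;value",
-";;false;madCallArg0ReturnToReturnFirst;;;Argument[0].ReturnValue;ReturnValue.first;value",
+";;false;madCallArg0ReturnToReturnFirst;;;Argument[0].ReturnValue;ReturnValue.Field[first];value",
 ";;false;madCallArg0WithValue;;;Argument[1];Argument[0].Parameter[0];value",
 ";;false;madCallReturnValueIgnoreFunction;;;Argument[1];ReturnValue;value",
 ]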
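Review bot: The `madIndirectFieldToFieldVar` row still has one more `;` before its input column than the rows around it, and its trailing comment `// not correctly expressed` does not say whether that is deliberate. Now that its neighbours use `Field[...]`, either fix the row or state the intent, e.g. `// deliberately malformed (extra ';'): must not produce flow`. The rows also no longer contain a bare field-name spelling such as `Argument[0].value`, so nothing here pins that the old syntax yields no flow; one legacy-syntax row with an expected-no-flow case would cover that. The enclosing list opens outside the hunk.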
