@@ -30,26 +30,28 @@ The following changes in version 1.23 affect C/C++ analysis in all applications.
3030
3131## Changes to libraries
3232
33- * The data-flow library has been extended with a new feature to aid debugging.
34- Instead of specifying ` isSink(Node n) { any() } ` on a configuration to
35- explore the possible flow from a source, it is recommended to use the new
36- ` Configuration::hasPartialFlow ` predicate, as this gives a more complete
37- picture of the partial flow paths from a given source. The feature is
38- disabled by default and can be enabled for individual configurations by
39- overriding ` int explorationLimit() ` .
40- * The data-flow library now supports flow out of C++ reference parameters.
41- * The data-flow library now allows flow through the address-of operator (` & ` ).
42- * The ` DataFlow::DefinitionByReferenceNode ` class now considers ` f(x) ` to be a
43- definition of ` x ` when ` x ` is a variable of pointer type. It no longer
44- considers deep paths such as ` f(&x.myField) ` to be definitions of ` x ` . These
45- changes are in line with the user expectations we've observed.
46- * The data-flow library now makes it easier to specify barriers/sanitizers
47- arising from guards by overriding the predicate
48- ` isBarrierGuard ` /` isSanitizerGuard ` on data-flow and taint-tracking
49- configurations respectively.
50- * There is now a ` DataFlow::localExprFlow ` predicate and a
51- ` TaintTracking::localExprTaint ` predicate to make it easy to use the most
52- common case of local data flow and taint: from one ` Expr ` to another.
33+ * The data-flow library in ` semmle.code.cpp.dataflow.DataFlow ` and
34+ ` semmle.code.cpp.dataflow.TaintTracking ` have had extensive changes:
35+ * To debug a lack of flow, instead of specifying ` isSink(Node n) { any() } `
36+ on a configuration to
37+ explore the possible flow from a source, it is recommended to use the new
38+ ` Configuration::hasPartialFlow ` predicate as this gives a more complete
39+ picture of the partial flow paths from a given source. The feature is
40+ disabled by default and can be enabled for individual configurations by
41+ overriding ` int explorationLimit() ` .
42+ * There is now flow out of C++ reference parameters.
43+ * There is now flow through the address-of operator (` & ` ).
44+ * The ` DataFlow::DefinitionByReferenceNode ` class now considers ` f(x) ` to be a
45+ definition of ` x ` when ` x ` is a variable of pointer type. It no longer
46+ considers deep paths such as ` f(&x.myField) ` to be definitions of ` x ` . These
47+ changes are in line with the user expectations we've observed.
48+ * It's now easier to specify barriers/sanitizers
49+ arising from guards by overriding the predicate
50+ ` isBarrierGuard ` /` isSanitizerGuard ` on data-flow and taint-tracking
51+ configurations respectively.
52+ * There is now a ` DataFlow::localExprFlow ` predicate and a
53+ ` TaintTracking::localExprTaint ` predicate to make it easy to use the most
54+ common case of local data flow and taint: from one ` Expr ` to another.
5355* The member predicates of the ` FunctionInput ` and ` FunctionOutput ` classes have been renamed for
5456 clarity (e.g. ` isOutReturnPointer() ` to ` isReturnValueDeref() ` ). The existing member predicates
5557 have been deprecated, and will be removed in a future release. Code that uses the old member
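Review bot: The new introductory bullet at added lines 33-34 has a subject/verb mismatch: "The data-flow library in `semmle.code.cpp.dataflow.DataFlow` and `semmle.code.cpp.dataflow.TaintTracking` have had extensive changes" pairs a singular "library" with "have". Since two modules are named, "The data-flow libraries in ... have had extensive changes" reads correctly. In the first sub-item (added lines 35-37) the text was edited without being re-wrapped, leaving the short line "on a configuration to" on its own; re-flowing that paragraph would keep it consistent with the other sub-items. The sub-item also drops the comma before "as this gives a more complete picture" that the removed text had, which is worth restoring.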