
Commit 5ba5791

committed
C++: Only allow flow through non-conflated chi instructions
1 parent 580310f commit 5ba5791

2 files changed

Lines changed: 1 addition & 17 deletions


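--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -219,7 +219,7 @@ abstract class PostUpdateNode extends InstructionNode {
 abstract private class PartialDefinitionNode extends PostUpdateNode, TInstructionNode {
 final Instruction getInstructionOrChi() {
 exists(ChiInstruction chi |
-// TODO: This should be a non-conflated ChiInstruction once #3123 is merged
+not chi.isResultConflated() and
 chi.getPartial() = getInstruction() and
 result = chi
 )
@@ -356,7 +356,6 @@ predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) {
 simpleInstructionLocalFlowStep(nodeFrom.asInstruction(), nodeTo.asInstruction())
 or
 exists(LoadInstruction load |
-// TODO: These can probably be getSourceValue() after #3112 is merged
 load.getSourceValueOperand().getAnyDef() =
 nodeFrom.(PartialDefinitionNode).getInstructionOrChi() and
 nodeTo.asInstruction() = load.getSourceAddress().(FieldAddressInstruction).getObjectAddress()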
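Review bot: The new conjunct `not chi.isResultConflated() and` in `getInstructionOrChi()` replaces the TODO without a comment saying why conflated chi results are excluded, and the predicate has no QLDoc. I would add something like `// Skip conflated chi results: they may stand for more memory than this partial definition wrote, so following them yields field flow that is not real.`; that wording assumes this is what conflation means here and should be checked against `isResultConflated()`. Because this library feeds taint-tracking queries, it is also worth confirming that the `A.cpp:126` to `A.cpp:132` result dropped from `ir-flow.expected` was spurious rather than a real flow that is now missed. In the second hunk the `getSourceValue()` TODO is deleted while `load.getSourceValueOperand().getAnyDef()` is kept, so a one-line comment on why `getAnyDef()` is still required would stop the question coming back. Both enclosing predicates continue outside the hunks.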

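--- a/cpp/ql/test/library-tests/dataflow/fields/ir-flow.expected
+++ b/cpp/ql/test/library-tests/dataflow/fields/ir-flow.expected
@@ -1,10 +1,4 @@
 edges
-| A.cpp:126:5:126:5 | IndirectMayWriteSideEffect [c] : void | A.cpp:131:8:131:8 | BufferMayWriteSideEffect [c] : void |
-| A.cpp:126:12:126:18 | new : void | A.cpp:126:5:126:5 | IndirectMayWriteSideEffect [c] : void |
-| A.cpp:131:8:131:8 | BufferMayWriteSideEffect [c] : void | A.cpp:132:10:132:10 | b [c] : void |
-| A.cpp:132:10:132:10 | b [c] : void | A.cpp:132:13:132:13 | c |
-| A.cpp:132:10:132:10 | b [c] : void | A.cpp:132:13:132:13 | c : void |
-| A.cpp:132:13:132:13 | c : void | A.cpp:132:10:132:13 | (void *)... |
 | aliasing.cpp:9:3:9:22 | Store : void | aliasing.cpp:9:3:9:22 | Store [m1] : void |
 | aliasing.cpp:9:3:9:22 | Store [m1] : void | aliasing.cpp:25:17:25:19 | BufferMayWriteSideEffect [m1] : void |
 | aliasing.cpp:9:11:9:20 | call to user_input : void | aliasing.cpp:9:3:9:22 | Store : void |
@@ -58,13 +52,6 @@ edges
 | struct_init.c:27:7:27:16 | call to user_input : void | struct_init.c:31:23:31:23 | a |
 | struct_init.c:31:14:31:21 | nestedAB [a] : void | struct_init.c:31:23:31:23 | a |
 nodes
-| A.cpp:126:5:126:5 | IndirectMayWriteSideEffect [c] : void | semmle.label | IndirectMayWriteSideEffect [c] : void |
-| A.cpp:126:12:126:18 | new : void | semmle.label | new : void |
-| A.cpp:131:8:131:8 | BufferMayWriteSideEffect [c] : void | semmle.label | BufferMayWriteSideEffect [c] : void |
-| A.cpp:132:10:132:10 | b [c] : void | semmle.label | b [c] : void |
-| A.cpp:132:10:132:13 | (void *)... | semmle.label | (void *)... |
-| A.cpp:132:13:132:13 | c | semmle.label | c |
-| A.cpp:132:13:132:13 | c : void | semmle.label | c : void |
 | aliasing.cpp:9:3:9:22 | Store : void | semmle.label | Store : void |
 | aliasing.cpp:9:3:9:22 | Store [m1] : void | semmle.label | Store [m1] : void |
 | aliasing.cpp:9:11:9:20 | call to user_input : void | semmle.label | call to user_input : void |
@@ -113,8 +100,6 @@ nodes
 | struct_init.c:31:14:31:21 | nestedAB [a] : void | semmle.label | nestedAB [a] : void |
 | struct_init.c:31:23:31:23 | a | semmle.label | a |
 #select
-| A.cpp:132:10:132:13 | (void *)... | A.cpp:126:12:126:18 | new : void | A.cpp:132:10:132:13 | (void *)... | (void *)... flows from $@ | A.cpp:126:12:126:18 | new : void | new : void |
-| A.cpp:132:13:132:13 | c | A.cpp:126:12:126:18 | new : void | A.cpp:132:13:132:13 | c | c flows from $@ | A.cpp:126:12:126:18 | new : void | new : void |
 | aliasing.cpp:29:11:29:12 | m1 | aliasing.cpp:9:11:9:20 | call to user_input : void | aliasing.cpp:29:11:29:12 | m1 | m1 flows from $@ | aliasing.cpp:9:11:9:20 | call to user_input : void | call to user_input : void |
 | aliasing.cpp:30:11:30:12 | m1 | aliasing.cpp:13:10:13:19 | call to user_input : void | aliasing.cpp:30:11:30:12 | m1 | m1 flows from $@ | aliasing.cpp:13:10:13:19 | call to user_input : void | call to user_input : void |
 | aliasing.cpp:38:11:38:12 | m1 | aliasing.cpp:37:13:37:22 | call to user_input : void | aliasing.cpp:38:11:38:12 | m1 | m1 flows from $@ | aliasing.cpp:37:13:37:22 | call to user_input : void | call to user_input : void |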
