CPP: Remove successor edges from non-returning functions from the control flow graph.

geoffw0 · geoffw0 · commit 6427e9658b56 · 2018-10-30T14:25:32.000Z
diff --git a/cpp/ql/src/semmle/code/cpp/controlflow/internal/ConstantExprs.qll b/cpp/ql/src/semmle/code/cpp/controlflow/internal/ConstantExprs.qll
@@ -136,6 +136,25 @@ private predicate impossibleDefaultSwitchEdge(Block switchBlock, DefaultCase dc)
                        val <= switchCaseRangeEnd(sc))))
 }
 
+/**
+ * Holds if the function `f` never returns due to not containing a return
+ * statement (explicit or compiler generated).  Reachability of return
+ * statements is not checked.
+ */
+private predicate nonReturningFunction(Function f)
+{
+  exists(f.getBlock()) and
+  not exists(ReturnStmt ret | ret.getEnclosingFunction() = f)
+}
+
+/**
+ * An edge from a call to a function that never returns is impossible.
+ */
+private predicate impossibleFunctionReturn(FunctionCall fc, Node succ) {
+  nonReturningFunction(fc.getTarget()) and
+  successors_extended(fc, succ)
+}
+
 /**
  * If `pred` is a function call with (at least) one function target,
  * (at least) one such target must be potentially returning.
@@ -158,6 +177,7 @@ cached predicate successors_adapted(Node pred, Node succ) {
   and not impossibleTrueEdge(pred, succ)
   and not impossibleSwitchEdge(pred, succ)
   and not impossibleDefaultSwitchEdge(pred, succ)
+  and not impossibleFunctionReturn(pred, succ)
   and not getOptions().exprExits(pred)
 }
 
diff --git a/cpp/ql/test/library-tests/c++_exceptions/graphable.expected b/cpp/ql/test/library-tests/c++_exceptions/graphable.expected
@@ -264,7 +264,6 @@
 | fun | true | 282 | 280 |  |
 | fun | true | 284 | 290 |  |
 | fun | true | 286 | 284 |  |
-| fun | true | 288 | 297 |  |
 | fun | true | 290 | 288 |  |
 | fun | true | 294 | 295 |  |
 | fun | true | 295 | 314 |  |
diff --git a/cpp/ql/test/library-tests/c++_exceptions/unreachable.expected b/cpp/ql/test/library-tests/c++_exceptions/unreachable.expected
@@ -2,4 +2,7 @@
 | ODASA-5692.cpp:11:18:13:3 | <handler> |
 | ODASA-5692.cpp:14:15:15:12 | <handler> |
 | ODASA-5692.cpp:14:15:15:12 | <handler> |
+| exceptions.cpp:25:13:30:9 | ExprStmt |
 | exceptions.cpp:26:13:26:13 | ExprStmt |
+| exceptions.cpp:32:19:34:5 | <handler> |
+| exceptions.cpp:35:19:37:5 | <handler> |
diff --git a/cpp/ql/test/query-tests/jsf/4.13 Functions/AV Rule 114/AV Rule 114.expected b/cpp/ql/test/query-tests/jsf/4.13 Functions/AV Rule 114/AV Rule 114.expected
@@ -5,10 +5,6 @@
 | test.cpp:48:2:48:26 | if (...) ...  | Function g7 should return a value of type MyValue but does not return a value here |
 | test.cpp:74:1:76:1 | { ... } | Function g10 should return a value of type second but does not return a value here |
 | test.cpp:86:1:88:1 | { ... } | Function g12 should return a value of type second but does not return a value here |
-| test.cpp:103:2:103:17 | ExprStmt | Function g13 should return a value of type int but does not return a value here |
 | test.cpp:108:2:111:2 | if (...) ...  | Function g14 should return a value of type int but does not return a value here |
-| test.cpp:110:3:110:18 | ExprStmt | Function g14 should return a value of type int but does not return a value here |
-| test.cpp:120:3:120:18 | ExprStmt | Function g15 should return a value of type int but does not return a value here |
 | test.cpp:134:2:134:36 | ExprStmt | Function g16 should return a value of type int but does not return a value here |
 | test.cpp:141:3:141:37 | ExprStmt | Function g17 should return a value of type int but does not return a value here |
-| test.cpp:151:3:151:18 | ExprStmt | Function g18 should return a value of type int but does not return a value here |
diff --git a/cpp/ql/test/query-tests/jsf/4.13 Functions/AV Rule 114/test.cpp b/cpp/ql/test/query-tests/jsf/4.13 Functions/AV Rule 114/test.cpp
@@ -100,7 +100,7 @@ void myThrow(const char *error)
 
 int g13()
 {
-	myThrow("fail"); // GOOD [FALSE POSITIVE]
+	myThrow("fail"); // GOOD
 }
 
 int g14(int x)
@@ -117,7 +117,7 @@ int g15(int x)
 	{
 		return x;
 	} else {
-		myThrow("fail"); // GOOD [FALSE POSITIVE]
+		myThrow("fail"); // GOOD
 	}
 }
 
diff --git a/cpp/ql/test/successor-tests/exceptionhandler/exceptionhandler/graphable.expected b/cpp/ql/test/successor-tests/exceptionhandler/exceptionhandler/graphable.expected
@@ -1,67 +1,66 @@
-| C::operator= | false | 129 | 129 | operator= |
-| C::operator= | false | 133 | 133 | operator= |
-| D::operator= | false | 140 | 140 | operator= |
-| D::operator= | false | 144 | 144 | operator= |
-| __va_list_tag::operator= | false | 61 | 61 | operator= |
-| __va_list_tag::operator= | false | 65 | 65 | operator= |
-| f | false | 163 | 163 | f |
-| f | false | 180 | 180 | call to g |
-| f | false | 182 | 182 | ExprStmt |
-| f | false | 186 | 186 | 2 |
-| f | false | 187 | 187 | throw ... |
-| f | false | 189 | 189 | ExprStmt |
-| f | false | 191 | 191 | label ...: |
-| f | false | 193 | 193 | { ... } |
-| f | false | 197 | 197 | 4 |
-| f | false | 198 | 198 | ExprStmt |
-| f | false | 200 | 200 | { ... } |
-| f | false | 202 | 202 | <handler> |
-| f | false | 203 | 203 | try { ... } |
-| f | false | 205 | 205 | { ... } |
-| f | false | 209 | 209 | 5 |
-| f | false | 210 | 210 | ExprStmt |
-| f | false | 212 | 212 | { ... } |
-| f | false | 216 | 216 | 6 |
-| f | false | 217 | 217 | ExprStmt |
-| f | false | 219 | 219 | { ... } |
-| f | false | 221 | 221 | <handler> |
-| f | false | 222 | 222 | <handler> |
-| f | false | 223 | 223 | try { ... } |
-| f | false | 225 | 225 | return ... |
-| f | false | 227 | 227 | { ... } |
-| f | true | 180 | 189 |  |
-| f | true | 182 | 180 |  |
-| f | true | 186 | 187 |  |
-| f | true | 187 | 202 |  |
-| f | true | 189 | 186 |  |
-| f | true | 191 | 225 |  |
-| f | true | 193 | 182 |  |
-| f | true | 197 | 225 |  |
-| f | true | 198 | 197 |  |
-| f | true | 200 | 198 |  |
-| f | true | 202 | 200 |  |
-| f | true | 202 | 221 |  |
-| f | true | 203 | 193 |  |
-| f | true | 205 | 203 |  |
-| f | true | 209 | 225 |  |
-| f | true | 210 | 209 |  |
-| f | true | 212 | 210 |  |
-| f | true | 216 | 225 |  |
-| f | true | 217 | 216 |  |
-| f | true | 219 | 217 |  |
-| f | true | 221 | 212 |  |
-| f | true | 221 | 222 |  |
-| f | true | 222 | 163 |  |
-| f | true | 222 | 219 |  |
-| f | true | 223 | 205 |  |
-| f | true | 225 | 163 |  |
-| f | true | 227 | 223 |  |
-| g | false | 150 | 150 | g |
-| g | false | 155 | 155 | 1 |
-| g | false | 156 | 156 | throw ... |
-| g | false | 158 | 158 | ExprStmt |
-| g | false | 160 | 160 | { ... } |
-| g | true | 155 | 156 |  |
-| g | true | 156 | 150 |  |
-| g | true | 158 | 155 |  |
-| g | true | 160 | 158 |  |
+| C::operator= | false | 75 | 75 | operator= |
+| C::operator= | false | 81 | 81 | operator= |
+| D::operator= | false | 91 | 91 | operator= |
+| D::operator= | false | 97 | 97 | operator= |
+| __va_list_tag::operator= | false | 60 | 60 | operator= |
+| __va_list_tag::operator= | false | 66 | 66 | operator= |
+| f | false | 115 | 115 | f |
+| f | false | 120 | 120 | call to g |
+| f | false | 122 | 122 | ExprStmt |
+| f | false | 126 | 126 | 2 |
+| f | false | 127 | 127 | throw ... |
+| f | false | 129 | 129 | ExprStmt |
+| f | false | 131 | 131 | label ...: |
+| f | false | 133 | 133 | { ... } |
+| f | false | 141 | 141 | 4 |
+| f | false | 142 | 142 | ExprStmt |
+| f | false | 144 | 144 | { ... } |
+| f | false | 146 | 146 | <handler> |
+| f | false | 147 | 147 | try { ... } |
+| f | false | 149 | 149 | { ... } |
+| f | false | 157 | 157 | 5 |
+| f | false | 158 | 158 | ExprStmt |
+| f | false | 160 | 160 | { ... } |
+| f | false | 168 | 168 | 6 |
+| f | false | 169 | 169 | ExprStmt |
+| f | false | 171 | 171 | { ... } |
+| f | false | 173 | 173 | <handler> |
+| f | false | 174 | 174 | <handler> |
+| f | false | 175 | 175 | try { ... } |
+| f | false | 177 | 177 | return ... |
+| f | false | 179 | 179 | { ... } |
+| f | true | 122 | 120 |  |
+| f | true | 126 | 127 |  |
+| f | true | 127 | 146 |  |
+| f | true | 129 | 126 |  |
+| f | true | 131 | 177 |  |
+| f | true | 133 | 122 |  |
+| f | true | 141 | 177 |  |
+| f | true | 142 | 141 |  |
+| f | true | 144 | 142 |  |
+| f | true | 146 | 144 |  |
+| f | true | 146 | 173 |  |
+| f | true | 147 | 133 |  |
+| f | true | 149 | 147 |  |
+| f | true | 157 | 177 |  |
+| f | true | 158 | 157 |  |
+| f | true | 160 | 158 |  |
+| f | true | 168 | 177 |  |
+| f | true | 169 | 168 |  |
+| f | true | 171 | 169 |  |
+| f | true | 173 | 160 |  |
+| f | true | 173 | 174 |  |
+| f | true | 174 | 115 |  |
+| f | true | 174 | 171 |  |
+| f | true | 175 | 149 |  |
+| f | true | 177 | 115 |  |
+| f | true | 179 | 175 |  |
+| g | false | 102 | 102 | g |
+| g | false | 107 | 107 | 1 |
+| g | false | 108 | 108 | throw ... |
+| g | false | 110 | 110 | ExprStmt |
+| g | false | 112 | 112 | { ... } |
+| g | true | 107 | 108 |  |
+| g | true | 108 | 102 |  |
+| g | true | 110 | 107 |  |
+| g | true | 112 | 110 |  |

Original file line number	Diff line number	Diff line change
`@@ -100,7 +100,7 @@ void myThrow(const char *error)`
`100`	`100`
`101`	`101`	`int g13()`
`102`	`102`	`{`
`103`		`- myThrow("fail"); // GOOD [FALSE POSITIVE]`
	`103`	`+ myThrow("fail"); // GOOD`
`104`	`104`	`}`
`105`	`105`
`106`	`106`	`int g14(int x)`
`@@ -117,7 +117,7 @@ int g15(int x)`
`117`	`117`	`{`
`118`	`118`	`return x;`
`119`	`119`	`} else {`
`120`		`- myThrow("fail"); // GOOD [FALSE POSITIVE]`
	`120`	`+ myThrow("fail"); // GOOD`
`121`	`121`	`}`
`122`	`122`	`}`
`123`	`123`