Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 7583fe2

Browse files
MathiasVPMathiasVP
committed
C++: Respond to PR reviews.
1 parent f90007a commit 7583fe2

1 file changed

Lines changed: 128 additions & 102 deletions

File tree

  • cpp/ql/lib/semmle/code/cpp/models/implementations

cpp/ql/lib/semmle/code/cpp/models/implementations/Iterator.qll

Lines changed: 128 additions & 102 deletions
Original file line numberDiff line numberDiff line change
@@ -108,106 +108,136 @@ private FunctionInput getIteratorArgumentInput(Operator op, int index) {
108108
}
109109

110110
/**
111-
* A non-member prefix `operator*` function for an iterator type.
111+
* A non-member `operator++` or `operator--` function for an iterator type.
112112
*/
113-
private class IteratorPointerDereferenceOperator extends Operator, TaintFunction,
114-
IteratorReferenceFunction {
115-
FunctionInput iteratorInput;
116-
117-
IteratorPointerDereferenceOperator() {
118-
this.hasName("operator*") and
119-
iteratorInput = getIteratorArgumentInput(this, 0)
113+
class IteratorCrementNonMemberOperator extends Operator {
114+
IteratorCrementNonMemberOperator() {
115+
this.hasName(["operator++", "operator--"]) and
116+
exists(getIteratorArgumentInput(this, 0))
120117
}
118+
}
121119

122-
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
123-
input = iteratorInput and
120+
private class IteratorCrementNonMemberOperatorModel extends IteratorCrementNonMemberOperator,
121+
DataFlowFunction {
122+
override predicate hasDataFlow(FunctionInput input, FunctionOutput output) {
123+
input = getIteratorArgumentInput(this, 0) and
124124
output.isReturnValue()
125125
or
126-
input.isReturnValueDeref() and
127-
output.isParameterDeref(0)
126+
input.isParameterDeref(0) and output.isReturnValueDeref()
128127
}
129128
}
130129

131130
/**
132-
* A non-member `operator++` or `operator--` function for an iterator type.
131+
* An `operator++` or `operator--` member function for an iterator type.
133132
*/
134-
class IteratorCrementOperator extends Operator {
135-
FunctionInput iteratorInput;
136-
137-
IteratorCrementOperator() {
138-
this.hasName(["operator++", "operator--"]) and
139-
iteratorInput = getIteratorArgumentInput(this, 0)
133+
class IteratorCrementMemberOperator extends MemberFunction {
134+
IteratorCrementMemberOperator() {
135+
this.getClassAndName(["operator++", "operator--"]) instanceof Iterator
140136
}
141-
142-
/**
143-
* INTERNAL: Do not use.
144-
*/
145-
FunctionInput getIteratorInput() { result = iteratorInput }
146137
}
147138

148-
private class IteratorCrementOperatorModel extends IteratorCrementOperator, DataFlowFunction {
139+
private class IteratorCrementMemberOperatorModel extends IteratorCrementMemberOperator,
140+
DataFlowFunction, TaintFunction {
149141
override predicate hasDataFlow(FunctionInput input, FunctionOutput output) {
150-
input = this.getIteratorInput() and
142+
input.isQualifierAddress() and
151143
output.isReturnValue()
152144
or
153-
input.isParameterDeref(0) and output.isReturnValueDeref()
145+
input.isReturnValueDeref() and
146+
output.isQualifierObject()
147+
or
148+
input.isQualifierObject() and
149+
output.isReturnValueDeref()
150+
}
151+
152+
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
153+
input.isQualifierObject() and
154+
output.isReturnValueDeref()
154155
}
155156
}
156157

157158
/**
158-
* A non-member `operator+` function for an iterator type.
159+
* A (member or non-member) `operator++` or `operator--` function for an iterator type.
159160
*/
160-
class IteratorAddOperator extends Operator {
161-
FunctionInput iteratorInput;
161+
class IteratorCrementOperator extends Function {
162+
IteratorCrementOperator() {
163+
this instanceof IteratorCrementNonMemberOperator or
164+
this instanceof IteratorCrementMemberOperator
165+
}
166+
}
162167

163-
IteratorAddOperator() {
168+
/**
169+
* A non-member `operator+` function for an iterator type.
170+
*/
171+
class IteratorAddNonMemberOperator extends Operator {
172+
IteratorAddNonMemberOperator() {
164173
this.hasName("operator+") and
165-
iteratorInput = getIteratorArgumentInput(this, [0, 1])
174+
exists(getIteratorArgumentInput(this, [0, 1]))
175+
}
176+
}
177+
178+
private class IteratorAddNonMemberOperatorModel extends IteratorAddNonMemberOperator, TaintFunction {
179+
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
180+
input = getIteratorArgumentInput(this, [0, 1]) and
181+
output.isReturnValue()
166182
}
183+
}
167184

168-
FunctionInput getIteratorInput() { result = iteratorInput }
185+
/**
186+
* An `operator+` or `operator-` member function of an iterator class.
187+
*/
188+
class IteratorBinaryArithmeticMemberOperator extends MemberFunction {
189+
IteratorBinaryArithmeticMemberOperator() {
190+
this.getClassAndName(["operator+", "operator-"]) instanceof Iterator
191+
}
169192
}
170193

171-
private class IteratorAddOperatorModel extends IteratorAddOperator, TaintFunction {
194+
private class IteratorBinaryArithmeticMemberOperatorModel extends IteratorBinaryArithmeticMemberOperator,
195+
TaintFunction {
172196
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
173-
input = this.getIteratorInput() and
197+
input.isQualifierObject() and
174198
output.isReturnValue()
175199
}
176200
}
177201

178202
/**
179-
* A non-member `operator-` function that takes a pointer difference type as its second argument.
203+
* A (member or non-member) `operator+` or `operator-` function for an iterator type.
180204
*/
181-
class IteratorSubOperator extends Operator {
182-
FunctionInput iteratorInput;
205+
class IteratorBinaryAddOperator extends Function {
206+
IteratorBinaryAddOperator() {
207+
this instanceof IteratorAddNonMemberOperator or
208+
this instanceof IteratorBinaryArithmeticMemberOperator
209+
}
210+
}
183211

184-
IteratorSubOperator() {
212+
/**
213+
* A non-member `operator-` function that takes a pointer difference type as its second argument.
214+
*/
215+
class IteratorSubNonMemberOperator extends Operator {
216+
IteratorSubNonMemberOperator() {
185217
this.hasName("operator-") and
186-
iteratorInput = getIteratorArgumentInput(this, 0) and
218+
exists(getIteratorArgumentInput(this, 0)) and
187219
this.getParameter(1).getUnspecifiedType() instanceof IntegralType // not an iterator difference
188220
}
189-
190-
FunctionInput getIteratorInput() { result = iteratorInput }
191221
}
192222

193-
private class IteratorSubOperatorModel extends IteratorSubOperator, TaintFunction {
223+
private class IteratorSubOperatorModel extends IteratorSubNonMemberOperator, TaintFunction {
194224
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
195-
input = this.getIteratorInput() and
225+
input = getIteratorArgumentInput(this, 0) and
196226
output.isReturnValue()
197227
}
198228
}
199229

200230
/**
201231
* A non-member `operator+=` or `operator-=` function for an iterator type.
202232
*/
203-
class IteratorAssignArithmeticOperator extends Operator {
204-
IteratorAssignArithmeticOperator() {
233+
class IteratorAssignArithmeticNonMemberOperator extends Operator {
234+
IteratorAssignArithmeticNonMemberOperator() {
205235
this.hasName(["operator+=", "operator-="]) and
206236
exists(getIteratorArgumentInput(this, 0))
207237
}
208238
}
209239

210-
private class IteratorAssignArithmeticOperatorModel extends IteratorAssignArithmeticOperator,
240+
private class IteratorAssignArithmeticNonMemberOperatorModel extends IteratorAssignArithmeticNonMemberOperator,
211241
DataFlowFunction, TaintFunction {
212242
override predicate hasDataFlow(FunctionInput input, FunctionOutput output) {
213243
input.isParameter(0) and
@@ -227,106 +257,102 @@ private class IteratorAssignArithmeticOperatorModel extends IteratorAssignArithm
227257
}
228258

229259
/**
230-
* A prefix `operator*` member function for an iterator type.
231-
*/
232-
class IteratorPointerDereferenceMemberOperator extends MemberFunction, TaintFunction,
233-
IteratorReferenceFunction {
234-
IteratorPointerDereferenceMemberOperator() {
235-
this.getClassAndName("operator*") instanceof Iterator
236-
}
237-
238-
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
239-
input.isQualifierObject() and
240-
output.isReturnValue()
241-
or
242-
input.isReturnValueDeref() and
243-
output.isQualifierObject()
244-
}
245-
}
246-
247-
/**
248-
* An `operator++` or `operator--` member function for an iterator type.
260+
* An `operator+=` or `operator-=` member function of an iterator class.
249261
*/
250-
class IteratorCrementMemberOperator extends MemberFunction {
251-
IteratorCrementMemberOperator() {
252-
this.getClassAndName(["operator++", "operator--"]) instanceof Iterator
262+
class IteratorAssignArithmeticMemberOperator extends MemberFunction {
263+
IteratorAssignArithmeticMemberOperator() {
264+
this.getClassAndName(["operator+=", "operator-="]) instanceof Iterator
253265
}
254266
}
255267

256-
private class IteratorCrementMemberOperatorModel extends IteratorCrementMemberOperator,
268+
private class IteratorAssignArithmeticMemberOperatorModel extends IteratorAssignArithmeticMemberOperator,
257269
DataFlowFunction, TaintFunction {
258270
override predicate hasDataFlow(FunctionInput input, FunctionOutput output) {
259271
input.isQualifierAddress() and
260272
output.isReturnValue()
273+
}
274+
275+
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
276+
input.isQualifierObject() and
277+
output.isReturnValueDeref()
261278
or
279+
// reverse flow from returned reference to the qualifier
262280
input.isReturnValueDeref() and
263281
output.isQualifierObject()
264282
or
265-
input.isQualifierObject() and
266-
output.isReturnValueDeref()
283+
(input.isParameter(0) or input.isParameterDeref(0)) and
284+
output.isQualifierObject()
267285
}
286+
}
268287

269-
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
270-
input.isQualifierObject() and
271-
output.isReturnValueDeref()
288+
/**
289+
* A (member or non-member) `operator+=` or `operator-=` function for an iterator type.
290+
*/
291+
class IteratorAssignArithmeticOperator extends Function {
292+
IteratorAssignArithmeticOperator() {
293+
this instanceof IteratorAssignArithmeticNonMemberOperator or
294+
this instanceof IteratorAssignArithmeticMemberOperator
272295
}
273296
}
274297

275298
/**
276-
* A member `operator->` function for an iterator type.
299+
* A prefix `operator*` member function for an iterator type.
277300
*/
278-
private class IteratorFieldMemberOperator extends Operator, TaintFunction {
279-
IteratorFieldMemberOperator() { this.getClassAndName("operator->") instanceof Iterator }
301+
class IteratorPointerDereferenceMemberOperator extends MemberFunction, TaintFunction,
302+
IteratorReferenceFunction {
303+
IteratorPointerDereferenceMemberOperator() {
304+
this.getClassAndName("operator*") instanceof Iterator
305+
}
280306

281307
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
282308
input.isQualifierObject() and
283309
output.isReturnValue()
310+
or
311+
input.isReturnValueDeref() and
312+
output.isQualifierObject()
284313
}
285314
}
286315

287316
/**
288-
* An `operator+` or `operator-` member function of an iterator class.
317+
* A non-member prefix `operator*` function for an iterator type.
289318
*/
290-
class IteratorBinaryArithmeticMemberOperator extends MemberFunction {
291-
IteratorBinaryArithmeticMemberOperator() {
292-
this.getClassAndName(["operator+", "operator-"]) instanceof Iterator
319+
class IteratorPointerDereferenceNonMemberOperator extends Operator, IteratorReferenceFunction {
320+
IteratorPointerDereferenceNonMemberOperator() {
321+
this.hasName("operator*") and
322+
exists(getIteratorArgumentInput(this, 0))
293323
}
294324
}
295325

296-
private class IteratorBinaryArithmeticMemberOperatorModel extends IteratorBinaryArithmeticMemberOperator,
326+
private class IteratorPointerDereferenceNonMemberOperatorModel extends IteratorPointerDereferenceNonMemberOperator,
297327
TaintFunction {
298328
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
299-
input.isQualifierObject() and
329+
input = getIteratorArgumentInput(this, 0) and
300330
output.isReturnValue()
331+
or
332+
input.isReturnValueDeref() and
333+
output.isParameterDeref(0)
301334
}
302335
}
303336

304337
/**
305-
* An `operator+=` or `operator-=` member function of an iterator class.
338+
* A (member or non-member) prefix `operator*` function for an iterator type.
306339
*/
307-
class IteratorAssignArithmeticMemberOperator extends MemberFunction {
308-
IteratorAssignArithmeticMemberOperator() {
309-
this.getClassAndName(["operator+=", "operator-="]) instanceof Iterator
340+
class IteratorPointerDereferenceOperator extends Function {
341+
IteratorPointerDereferenceOperator() {
342+
this instanceof IteratorPointerDereferenceNonMemberOperator or
343+
this instanceof IteratorPointerDereferenceMemberOperator
310344
}
311345
}
312346

313-
private class IteratorAssignArithmeticMemberOperatorModel extends IteratorAssignArithmeticMemberOperator,
314-
DataFlowFunction, TaintFunction {
315-
override predicate hasDataFlow(FunctionInput input, FunctionOutput output) {
316-
input.isQualifierAddress() and
317-
output.isReturnValue()
318-
}
347+
/**
348+
* A member `operator->` function for an iterator type.
349+
*/
350+
private class IteratorFieldMemberOperator extends Operator, TaintFunction {
351+
IteratorFieldMemberOperator() { this.getClassAndName("operator->") instanceof Iterator }
319352

320353
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
321354
input.isQualifierObject() and
322-
output.isReturnValueDeref()
323-
or
324-
// reverse flow from returned reference to the qualifier
325-
input.isReturnValueDeref() and
326-
output.isQualifierObject()
327-
or
328-
(input.isParameter(0) or input.isParameterDeref(0)) and
329-
output.isQualifierObject()
355+
output.isReturnValue()
330356
}
331357
}
332358

0 commit comments

Comments
 (0)