Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 89c5e3d

Browse files
jketemajketema
committed
C++: Fix the dataflow configuration in dataflow/dataflow-tests 
1 parent 5732c3b commit 89c5e3d

4 files changed

Lines changed: 29 additions & 22 deletions

File tree

cpp/ql/test/library-tests/dataflow/dataflow-tests/clang.cpp

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ void following_pointers(
1919

2020
sink(sourceArray1[0]); // no flow
2121
sink(*sourceArray1); // no flow
22-
sink(&sourceArray1); // $ ast // [should probably be taint only]
22+
sink(&sourceArray1); // $ ast,ir // [should probably be taint only]
2323

2424
sink(sourceStruct1.m1); // no flow
2525
sink(sourceStruct1_ptr->m1); // no flow
@@ -48,5 +48,5 @@ void following_pointers(
4848

4949
int stackArray[2] = { source(), source() };
5050
stackArray[0] = source();
51-
sink(stackArray); // $ ast MISSING: ir
51+
sink(stackArray); // $ ast,ir
5252
}

cpp/ql/test/library-tests/dataflow/dataflow-tests/ref.cpp

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -53,16 +53,16 @@ namespace withoutFields {
5353
int x1, x2, x3, x4;
5454

5555
assignWrapper(x1, source());
56-
sink(x1); // $ ast=55:23 ir SPURIOUS: ast=53:9
56+
sink(x1); // $ ast,ir=55:23 SPURIOUS: ast,ir=53:9
5757

5858
notAssign(x2, source());
59-
sink(x2); // $ SPURIOUS: ast,ir
59+
sink(x2); // $ SPURIOUS: ast ir=53:13 ir=58:19
6060

6161
sourceToParamWrapper(x3);
62-
sink(x3); // $ ast=29:11 ir SPURIOUS: ast=53:17
62+
sink(x3); // $ ast,ir=29:11 SPURIOUS: ast,ir=53:17
6363

6464
notSource(x4);
65-
sink(x4); // $ SPURIOUS: ast,ir
65+
sink(x4); // $ SPURIOUS: ast ir=44:11 ir=53:21
6666
}
6767
}
6868

cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp

Lines changed: 14 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -71,19 +71,19 @@ void identityOperations(int* source1) {
7171
sink(x4); // $ ast,ir
7272
}
7373

74-
void trackUninitialized() { // NOTE: uninitialized tracking for IR dataflow is deprecated
74+
void trackUninitialized() {
7575
int u1;
76-
sink(u1); // $ ast
76+
sink(u1); // $ ast,ir
7777
u1 = 2;
7878
sink(u1); // clean
7979

8080
int i1 = 1;
8181
sink(i1); // clean
8282

8383
int u2;
84-
sink(i1 ? u2 : 1); // $ ast
84+
sink(i1 ? u2 : 1); // $ ast,ir
8585
i1 = u2;
86-
sink(i1); // $ ast
86+
sink(i1); // $ ast,ir
8787
}
8888

8989
void local_references(int &source1, int clean1) {
@@ -346,7 +346,7 @@ namespace FlowThroughGlobals {
346346
void taintAndCall() {
347347
globalVar = source();
348348
calledAfterTaint();
349-
sink(globalVar); // $ ast ir=333:17 ir=347:17
349+
sink(globalVar); // $ ast ir ir=333:17 ir=347:17
350350
}
351351
}
352352

@@ -398,14 +398,14 @@ void flowThroughMemcpy_blockvar_with_local_flow(int source1, int b) {
398398
void cleanedByMemcpy_ssa(int clean1) { // currently modeled with BlockVar, not SSA
399399
int tmp;
400400
memcpy(&tmp, &clean1, sizeof tmp);
401-
sink(tmp); // $ SPURIOUS: ast
401+
sink(tmp); // $ SPURIOUS: ast,ir
402402
}
403403

404404
void cleanedByMemcpy_blockvar(int clean1) {
405405
int tmp;
406406
int *capture = &tmp;
407407
memcpy(&tmp, &clean1, sizeof tmp);
408-
sink(tmp); // $ SPURIOUS: ast
408+
sink(tmp); // $ SPURIOUS: ast,ir
409409
}
410410

411411
void intRefSource(int &ref_source);
@@ -415,33 +415,33 @@ void intArraySource(int ref_source[], size_t len);
415415
void intRefSourceCaller() {
416416
int local;
417417
intRefSource(local);
418-
sink(local); // $ ast=416:7 ast=417:16 MISSING: ir
418+
sink(local); // $ ast,ir=416:7 ast,ir=417:16
419419
}
420420

421421
void intPointerSourceCaller() {
422422
int local;
423423
intPointerSource(&local);
424-
sink(local); // $ ast=422:7 ast=423:20 MISSING: ir
424+
sink(local); // $ ast,ir=422:7 ast,ir=423:20
425425
}
426426

427427
void intPointerSourceCaller2() {
428428
int local[1];
429429
intPointerSource(local);
430-
sink(local); // $ ast=428:7 ast=429:20 MISSING: ir
431-
sink(*local); // $ ast=428:7 ast=429:20 MISSING: ir
430+
sink(local); // $ ast,ir=428:7 ast,ir=429:20
431+
sink(*local); // $ ast,ir=428:7 ast,ir=429:20
432432
}
433433

434434
void intArraySourceCaller() {
435435
int local;
436436
intArraySource(&local, 1);
437-
sink(local); // $ ast=435:7 ast=436:18 MISSING: ir
437+
sink(local); // $ ast,ir=435:7 ast,ir=436:18
438438
}
439439

440440
void intArraySourceCaller2() {
441441
int local[2];
442442
intArraySource(local, 2);
443-
sink(local); // $ ast=441:7 ast=442:18 MISSING: ir
444-
sink(*local); // $ ast=441:7 ast=442:18 MISSING: ir
443+
sink(local); // $ ast,ir=441:7 ast,ir=442:18
444+
sink(*local); // $ ast,ir=441:7 ast,ir=442:18
445445
}
446446

447447
///////////////////////////////////////////////////////////////////////////////

cpp/ql/test/library-tests/dataflow/dataflow-tests/test.ql

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,17 +24,24 @@ module IRTest {
2424
source.asExpr().(FunctionCall).getTarget().getName() = "source"
2525
or
2626
source.asParameter().getName().matches("source%")
27+
or
28+
source.(DataFlow::DefinitionByReferenceNode).getParameter().getName().matches("ref_source%")
29+
or
30+
exists(source.asUninitialized())
2731
}
2832

2933
override predicate isSink(DataFlow::Node sink) {
3034
exists(FunctionCall call |
3135
call.getTarget().getName() = "sink" and
32-
sink.asExpr() = call.getAnArgument()
36+
call.getAnArgument() in [sink.asExpr(), sink.asIndirectExpr()]
3337
)
3438
}
3539

3640
override predicate isBarrier(DataFlow::Node barrier) {
37-
barrier.asExpr().(VariableAccess).getTarget().hasName("barrier") or
41+
exists(Expr barrierExpr | barrierExpr in [barrier.asExpr(), barrier.asIndirectExpr()] |
42+
barrierExpr.(VariableAccess).getTarget().hasName("barrier")
43+
)
44+
or
3845
barrier = DataFlow::InstructionBarrierGuard<testBarrierGuard/3>::getABarrierNode()
3946
}
4047
}

0 commit comments

Comments
 (0)