Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit b0bd7a9

Browse files
MathiasVPMathiasVP
committed
C++: Add MaD syntax for an arbitrary number of dereferences.
1 parent 4dc13e8 commit b0bd7a9

1 file changed

Lines changed: 35 additions & 2 deletions

File tree

cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll

Lines changed: 35 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -74,6 +74,8 @@
7474

7575
import cpp
7676
private import new.DataFlow
77+
private import semmle.code.cpp.ir.dataflow.internal.DataFlowPrivate as Private
78+
private import semmle.code.cpp.ir.dataflow.internal.DataFlowUtil
7779
private import internal.FlowSummaryImpl
7880
private import internal.FlowSummaryImpl::Public
7981
private import internal.FlowSummaryImpl::Private
@@ -166,8 +168,12 @@ predicate sinkModel(
166168
Extensions::sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, provenance, _)
167169
}
168170

169-
/** Holds if a summary model exists for the given parameters. */
170-
predicate summaryModel(
171+
/**
172+
* Holds if a summary model exists for the given parameters.
173+
*
174+
* This predicate does not expand `@` to `*`s.
175+
*/
176+
private predicate summaryModel0(
171177
string namespace, string type, boolean subtypes, string name, string signature, string ext,
172178
string input, string output, string kind, string provenance
173179
) {
@@ -190,6 +196,33 @@ predicate summaryModel(
190196
provenance, _)
191197
}
192198

199+
/**
200+
* Holds if `input` is `input0`, but with all occurences of `@` replaced
201+
* by `n` repetitions of `*` (and similarly for `output` and `output0`).
202+
*/
203+
bindingset[input0, output0, n]
204+
pragma[inline_late]
205+
private predicate expandInputAndOutput(
206+
string input0, string input, string output0, string output, int n
207+
) {
208+
input = input0.replaceAll("@", repeatStars(n)) and
209+
output = output0.replaceAll("@", repeatStars(n))
210+
}
211+
212+
/**
213+
* Holds if a summary model exists for the given parameters.
214+
*/
215+
predicate summaryModel(
216+
string namespace, string type, boolean subtypes, string name, string signature, string ext,
217+
string input, string output, string kind, string provenance
218+
) {
219+
exists(string input0, string output0 |
220+
summaryModel0(namespace, type, subtypes, name, signature, ext, input0, output0, kind, provenance) and
221+
expandInputAndOutput(input0, input, output0, output,
222+
[0 .. Private::getMaxElementContentIndirectionIndex() - 1])
223+
)
224+
}
225+
193226
private predicate relevantNamespace(string namespace) {
194227
sourceModel(namespace, _, _, _, _, _, _, _, _) or
195228
sinkModel(namespace, _, _, _, _, _, _, _, _) or

0 commit comments

Comments
 (0)