
Commit b42e81c

committed
C++: Speed up 'Buffer.qll'.
1 parent f491507 commit b42e81c

2 files changed

Lines changed: 35 additions & 13 deletions


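--- a/cpp/ql/lib/semmle/code/cpp/commons/Buffer.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/Buffer.qll
@@ -73,20 +73,13 @@ private int isSource(Expr bufferExpr, Element why) {
 )
 }
 
-private predicate localFlowToExprStep(DataFlow::Node n1, DataFlow::Node n2) {
-not exists(n2.asExpr()) and
-DataFlow::localFlowStep(n1, n2)
-}
-
-/** Holds if `n2 + delta` may be equal to `n1`. */
+/**
+* Holds if data flow steps from `e1` to `e2` without stepping through any
+* other intermediate expressions.
+*/
 private predicate localFlowStepToExpr(Expr e1, Expr e2) {
 getBufferSizeCand0(e1) and
-exists(DataFlow::Node n1, DataFlow::Node mid, DataFlow::Node n2 |
-n1.asExpr() = e1 and
-localFlowToExprStep*(n1, mid) and
-DataFlow::localFlowStep(mid, n2) and
-n2.asExpr() = e2
-)
+DataFlow::localExprFlowStep(e1, e2)
 }
 
 /**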
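Review bot: The new QLDoc on `localFlowStepToExpr` describes only the `DataFlow::localExprFlowStep(e1, e2)` half of the body and omits that the predicate also requires `getBufferSizeCand0(e1)`, so it reads as a general one-step expression flow relation when it is in fact restricted to a subset of source expressions. I would add a sentence such as `Only holds when getBufferSizeCand0(e1) holds.` to the comment. `getBufferSizeCand0` is defined outside the hunk, so the exact wording of the restriction should follow its own documentation.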

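--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -1320,7 +1320,36 @@ predicate localInstructionFlow(Instruction e1, Instruction e2) {
 * local (intra-procedural) steps.
 */
 pragma[inline]
-predicate localExprFlow(Expr e1, Expr e2) { localFlow(exprNode(e1), exprNode(e2)) }
+predicate localExprFlow(Expr e1, Expr e2) { localExprFlowStep*(e1, e2) }
+
+/**
+* Holds if `n1.asExpr()` doesn't have a result and `n1` flows to `n2` in a single
+* dataflow step.
+*/
+private predicate localStepFromNonExpr(Node n1, Node n2) {
+not exists(n1.asExpr()) and
+localFlowStep(n1, n2)
+}
+
+/**
+* Holds if `n1.asExpr()` doesn't have a result, `n2.asExpr() = e2` and
+* `n2` is the first node reachable from `n2` such that `n2.asExpr()` exists.
+*/
+pragma[nomagic]
+private predicate localStepsToExpr(Node n1, Node n2, Expr e2) {
+localStepFromNonExpr*(n1, n2) and
+e2 = n2.asExpr()
+}
+
+/** Holds if data can flow from `e1` to `e2` in one local (intra-procedural) step. */
+cached
+predicate localExprFlowStep(Expr e1, Expr e2) {
+exists(Node mid, Node n1, Node n2 |
+localFlowStep(n1, mid) and
+localStepsToExpr(mid, n2, e2) and
+e1 = n1.asExpr()
+)
+}
 
 cached
 private newtype TContent =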
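Review bot: The QLDoc added for `localStepsToExpr` does not match its body: it says `n2` is the first node reachable from `n2`, where `n1` is meant, and it states that `n1.asExpr()` has no result although `localStepFromNonExpr*` is reflexive, so the zero-step case `n1 = n2` with `n1.asExpr() = e2` also holds. `localExprFlowStep` relies on that case whenever `mid` is itself an expression node. I would reword the comment to `Holds if n2.asExpr() = e2 and n2 is the first node reachable from n1 (possibly n1 itself) whose asExpr() has a result.` Separately, `localExprFlow` is now `localExprFlowStep*(e1, e2)`, and the reflexive case of `*` presumably holds for every `Expr`, including ones with no data-flow node, which the old `localFlow(exprNode(e1), exprNode(e2))` form would not have matched. Since queries built on this predicate inherit any change in its result set, it is worth confirming that this is intended or covered by a test.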
