
Commit cbacd51

committed
C++: Make Argument[-1] refer to *this rather than this.
1 parent 22d5e9b commit cbacd51

4 files changed

Lines changed: 26 additions & 17 deletions


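--- a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll
@@ -36,7 +36,8 @@
 * "Argument[n]", "Argument[n1..n2]", "ReturnValue":
 * - "": Selects a write to the selected element in case this is a field.
 * - "Argument[n]": Selects an argument in a call to the selected element.
-* The arguments are zero-indexed, and `-1` specifies the qualifier.
+* The arguments are zero-indexed, and `-1` specifies the qualifier object,
+* that is, `*this`.
 * - "Argument[n1..n2]": Similar to "Argument[n]" but select any argument in
 * the given range. The range is inclusive at both ends.
 * - "ReturnValue": Selects a value being returned by the selected element.
@@ -47,14 +48,16 @@
 * - "": Selects a read of a selected field, or a selected parameter.
 * - "Argument[n]": Selects the post-update value of an argument in a call to the
 * selected element. That is, the value of the argument after the call returns.
-* The arguments are zero-indexed, and `-1` specifies the qualifier.
+* The arguments are zero-indexed, and `-1` specifies the qualifier object,
+* that is, `*this`.
 * - "Argument[n1..n2]": Similar to "Argument[n]" but select any argument in
 * the given range. The range is inclusive at both ends.
 * - "Parameter": Selects the value of a parameter of the selected element.
 * "Parameter" is also allowed in case the selected element is already a
 * parameter itself.
 * - "Parameter[n]": Similar to "Parameter" but restricted to a specific
-* numbered parameter (zero-indexed, and `-1` specifies the value of `this`).
+* numbered parameter. The parameters are zero-indexed, and `-1` specifies
+* the qualifier object, that is, `*this`.
 * - "Parameter[n1..n2]": Similar to "Parameter[n]" but selects any parameter
 * in the given range. The range is inclusive at both ends.
 * - "ReturnValue": Selects the return value of a call to the selected element.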
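Review bot: The reworded comment now states that `-1` means `*this` for every `Argument[n]` and `Parameter[n]` column documented here, but every changed line in this file is a comment, and the only decoding change in the commit is for summary positions in FlowSummaryImpl.qll. Whether the other consumers of these columns in this file resolve `-1` the same way is not visible in the commit, so it should be confirmed; if they do not, a model row written against `*this` would silently fail to match. The comment also no longer says whether a model can still select the `this` pointer itself; a sentence such as `The pointer value of this cannot be selected with -1.` (or the correct syntax, if one exists) would close that gap.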

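--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll
@@ -48,7 +48,10 @@ module Input implements InputSig<DataFlowImplSpecific::CppDataFlow> {
 // needed to support `Argument[x..y]` ranges and `Argument[-1]`
 token.getName() = "Argument" and
 exists(int pos | pos = AccessPath::parseInt(token.getAnArgument()) |
-result = TDirectPosition(pos)
+pos >= 0 and result = TDirectPosition(pos)
+or
+// `Argument[-1]` is the qualifier object `*this`, not the `this` pointer itself
+pos = -1 and result = TIndirectionPosition(pos, 1)
 )
 }
 
@@ -57,7 +60,10 @@ module Input implements InputSig<DataFlowImplSpecific::CppDataFlow> {
 // needed to support `Parameter[x..y]` ranges and `Parameter[-1]`
 token.getName() = "Parameter" and
 exists(int pos | pos = AccessPath::parseInt(token.getAnArgument()) |
-result = TDirectPosition(pos)
+pos >= 0 and result = TDirectPosition(pos)
+or
+// `Argument[-1]` is the qualifier object `*this`, not the `this` pointer itself
+pos = -1 and result = TIndirectionPosition(pos, 1)
 )
 }
 }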
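Review bot: The comment added in the second hunk sits in the `Parameter` branch but still reads `Argument[-1]`, copied from the first hunk; it should read `` // `Parameter[-1]` is the qualifier object `*this`, not the `this` pointer itself ``. Separately, the old line `result = TDirectPosition(pos)` placed no guard on `pos`, whereas both new disjunctions accept only `pos >= 0` or `pos = -1`, so any other value that `AccessPath::parseInt` might return now yields no position at all. If such values are reachable, a model row with a mistyped index would be dropped silently and the summary would never apply, which shows up only as missing results in the queries that depend on it. A short comment stating that only `-1` and non-negative indices are accepted would make the intent explicit. Both predicates begin above the lines shown.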

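--- a/cpp/ql/test/library-tests/dataflow/models-as-data/FlowSummaryNode.expected
+++ b/cpp/ql/test/library-tests/dataflow/models-as-data/FlowSummaryNode.expected
@@ -6,11 +6,11 @@
 | tests.cpp:119:6:119:18 | [summary param] 1 in madArg0ToArg1 | ParameterNode | madArg0ToArg1 | madArg0ToArg1 |
 | tests.cpp:119:6:119:18 | [summary] to write: Argument[1] in madArg0ToArg1 | PostUpdateNode | madArg0ToArg1 | madArg0ToArg1 |
 | tests.cpp:180:7:180:19 | [summary param] 0 in madArg0ToSelf | ParameterNode | madArg0ToSelf | madArg0ToSelf |
-| tests.cpp:180:7:180:19 | [summary param] this in madArg0ToSelf | ParameterNode | madArg0ToSelf | madArg0ToSelf |
-| tests.cpp:180:7:180:19 | [summary] to write: Argument[this] in madArg0ToSelf | PostUpdateNode | madArg0ToSelf | madArg0ToSelf |
-| tests.cpp:181:6:181:20 | [summary param] this in madSelfToReturn | ParameterNode | madSelfToReturn | madSelfToReturn |
+| tests.cpp:180:7:180:19 | [summary param] this indirection in madArg0ToSelf | ParameterNode | madArg0ToSelf | madArg0ToSelf |
+| tests.cpp:180:7:180:19 | [summary] to write: Argument[this indirection] in madArg0ToSelf | PostUpdateNode | madArg0ToSelf | madArg0ToSelf |
+| tests.cpp:181:6:181:20 | [summary param] this indirection in madSelfToReturn | ParameterNode | madSelfToReturn | madSelfToReturn |
 | tests.cpp:181:6:181:20 | [summary] to write: ReturnValue in madSelfToReturn | ReturnNode | madSelfToReturn | madSelfToReturn |
-| tests.cpp:209:7:209:30 | [summary param] this in namespaceMadSelfToReturn | ParameterNode | namespaceMadSelfToReturn | namespaceMadSelfToReturn |
+| tests.cpp:209:7:209:30 | [summary param] this indirection in namespaceMadSelfToReturn | ParameterNode | namespaceMadSelfToReturn | namespaceMadSelfToReturn |
 | tests.cpp:209:7:209:30 | [summary] to write: ReturnValue in namespaceMadSelfToReturn | ReturnNode | namespaceMadSelfToReturn | namespaceMadSelfToReturn |
 | tests.cpp:305:5:305:29 | [summary param] 0 in madCallArg0ReturnToReturn | ParameterNode | madCallArg0ReturnToReturn | madCallArg0ReturnToReturn |
 | tests.cpp:305:5:305:29 | [summary] read: Argument[0].Parameter[this] in madCallArg0ReturnToReturn | PostUpdateNode | madCallArg0ReturnToReturn | madCallArg0ReturnToReturn |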

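--- a/cpp/ql/test/library-tests/dataflow/models-as-data/tests.cpp
+++ b/cpp/ql/test/library-tests/dataflow/models-as-data/tests.cpp
@@ -253,7 +253,7 @@ void test_class_members() {
 mc2.madArg0ToSelf(0);
 sink(mc2);
 mc2.madArg0ToSelf(source());
-sink(mc2); // $ MISSING: ir
+sink(mc2); // $ ir
 
 ptr = new MyClass();
 sink(*ptr);
@@ -268,28 +268,28 @@ void test_class_members() {
 mc4 = source2();
 mc4_ptr = &mc4;
 sink(mc4); // $ ir
-sink(mc4.madSelfToReturn()); // $ MISSING: ir
+sink(mc4.madSelfToReturn()); // $ ir
 sink(mc4.notASummary());
-sink(mc4_ptr->madSelfToReturn()); // $ MISSING: ir
+sink(mc4_ptr->madSelfToReturn()); // $ ir
 sink(mc4_ptr->notASummary());
-sink(source2().madSelfToReturn()); // $ ir
+sink(source2().madSelfToReturn()); // $ MISSING: ir (works if flow is modelled from qualifier *address*)
 sink(source2().notASummary());
 
 mc5.val = source();
 sink(mc5.madFieldToReturn()); // $ MISSING: ir
 
 mnc2 = source3();
 mnc2_ptr = &mnc2;
-sink(mnc2.namespaceMadSelfToReturn()); // $ MISSING: ir
-sink(mnc2_ptr->namespaceMadSelfToReturn()); // $ MISSING: ir
-sink(source3().namespaceMadSelfToReturn()); // $ ir
+sink(mnc2.namespaceMadSelfToReturn()); // $ ir
+sink(mnc2_ptr->namespaceMadSelfToReturn()); // $ ir
+sink(source3().namespaceMadSelfToReturn()); // $ MISSING: ir (works if flow is modelled from qualifier *address*)
 
 // test class member sources + sinks + summaries together
 
 mc.memberMadSinkArg0(mc.memberRemoteMadSource()); // $ ir
 
 mc6.madArg0ToSelf(source());
-sink(mc6.madSelfToReturn()); // $ MISSING: ir
+sink(mc6.madSelfToReturn()); // $ ir
 
 mc7.madArg0ToField(source());
 sink(mc7.madFieldToReturn()); // $ MISSING: ir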
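Review bot: Two expectations that passed before now carry `MISSING: ir`, namely `sink(source2().madSelfToReturn())` and `sink(source3().namespaceMadSelfToReturn())`, so flow through a summarised member function called directly on a temporary is no longer found. The commit fixes six other expectations, but for taint tracking this is a new false negative on an ordinary call shape, a method invoked on a returned object. The inline remark `works if flow is modelled from qualifier *address*` hints at the cause without saying whether the gap is tracked or where it is meant to be closed. I would extend it, for example `// $ MISSING: ir (temporary qualifier: no flow into *this yet, tracked in <ISSUE_ID>)`. test_class_members() starts and ends outside the hunks shown.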
