C++: Add a testcase (and a new test) to test flow through functions.

MathiasVP · MathiasVP · commit faf9fd625369 · 2023-02-10T12:40:29.000Z
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/BarrierGuard.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/BarrierGuard.cpp
@@ -56,7 +56,7 @@ void bg_stackstruct(XY s1, XY s2) {
   }
 }
 
-void bg_structptr(XY *p1, XY *p2) {
+void bg_structptr(XY *p1, XY *p2) { // $ ast-def=p1 ast-def=p2
   p1->x = source();
   if (guarded(p1->x)) {
     sink(p1->x); // $ SPURIOUS: ast
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/clang.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/clang.cpp
@@ -8,7 +8,7 @@ struct twoIntFields {
   int getFirst() { return m1; }
 };
 
-void following_pointers(
+void following_pointers( // $ ast-def=sourceStruct1_ptr
     int sourceArray1[],
     int cleanArray1[],
     twoIntFields sourceStruct1,
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
@@ -107,6 +107,7 @@ postWithInFlow
 | test.cpp:552:25:552:25 | y [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:562:5:562:13 | globalInt [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:576:5:576:13 | globalInt [post update] | PostUpdateNode should not be the target of local flow. |
+| test.cpp:589:19:589:19 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
 viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dispatch.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dispatch.cpp
@@ -25,7 +25,7 @@ struct Bottom : Middle {
   void notSink(int x) override { }
 };
 
-void VirtualDispatch(Bottom *bottomPtr, Bottom &bottomRef) {
+void VirtualDispatch(Bottom *bottomPtr, Bottom &bottomRef) { // $ ast-def=bottomPtr ast-def=bottomRef
   Top *topPtr = bottomPtr, &topRef = bottomRef;
 
   sink(topPtr->isSource1()); // $ ir MISSING: ast
@@ -65,11 +65,11 @@ Top *allocateBottom() {
   return new Bottom();
 }
 
-void callSinkByPointer(Top *top) {
+void callSinkByPointer(Top *top) { // $ ast-def=top
   top->isSink(source()); // leads to MISSING from ast
 }
 
-void callSinkByReference(Top &top) {
+void callSinkByReference(Top &top) { // $ ast-def=top
   top.isSink(source()); // leads to MISSING from ast
 }
 
@@ -81,11 +81,11 @@ void globalVirtualDispatch() {
   x->isSink(source()); // $ MISSING: ast,ir
 }
 
-Top *identity(Top *top) {
+Top *identity(Top *top) { // $ ast-def=top
   return top;
 }
 
-void callIdentityFunctions(Top *top, Bottom *bottom) {
+void callIdentityFunctions(Top *top, Bottom *bottom) { // $ ast-def=bottom ast-def=top
   identity(bottom)->isSink(source()); // $ MISSING: ast,ir
   identity(top)->isSink(source()); // no flow
 }
@@ -120,7 +120,7 @@ namespace virtual_inheritance {
   struct Bottom : Middle {
   };
 
-  void VirtualDispatch(Bottom *bottomPtr, Bottom &bottomRef) {
+  void VirtualDispatch(Bottom *bottomPtr, Bottom &bottomRef) { // $ ast-def=bottomPtr ast-def=bottomRef
     // Because the inheritance from `Top` is virtual, the following casts go
     // directly from `Bottom` to `Top`, skipping `Middle`. That means we don't
     // get flow from a `Middle` value to the call qualifier.
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/example.c b/cpp/ql/test/library-tests/dataflow/dataflow-tests/example.c
@@ -12,7 +12,7 @@ typedef struct
 	char isTrue;
 } MyBool;
 
-void myTest_with_local_flow(MyBool *b, int pos)
+void myTest_with_local_flow(MyBool *b, int pos) // $ ast-def=b 
 {
 	MyCoords coords = {0};
 
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/has-parameter-flow-out.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/has-parameter-flow-out.expected
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/has-parameter-flow-out.ql b/cpp/ql/test/library-tests/dataflow/dataflow-tests/has-parameter-flow-out.ql
@@ -0,0 +1,48 @@
+import TestUtilities.InlineExpectationsTest
+import cpp
+
+module AstTest {
+  private import semmle.code.cpp.dataflow.old.DataFlow::DataFlow
+  private import semmle.code.cpp.dataflow.old.internal.DataFlowPrivate
+
+  class ASTParameterDefTest extends InlineExpectationsTest {
+    ASTParameterDefTest() { this = "ASTParameterDefTest" }
+
+    override string getARelevantTag() { result = "ast-def" }
+
+    override predicate hasActualResult(Location location, string element, string tag, string value) {
+      exists(Function f, Parameter p, RefParameterFinalValueNode n |
+        p.isNamed() and
+        n.getParameter() = p and
+        n.getFunction() = f and
+        location = f.getLocation() and
+        element = p.toString() and
+        tag = "ast-def" and
+        value = p.getName()
+      )
+    }
+  }
+}
+
+module IRTest {
+  private import semmle.code.cpp.ir.dataflow.DataFlow
+  private import semmle.code.cpp.ir.dataflow.internal.DataFlowUtil
+
+  class IRParameterDefTest extends InlineExpectationsTest {
+    IRParameterDefTest() { this = "IRParameterDefTest" }
+
+    override string getARelevantTag() { result = "ir-def" }
+
+    override predicate hasActualResult(Location location, string element, string tag, string value) {
+      exists(Function f, Parameter p, FinalParameterNode n |
+        p.isNamed() and
+        n.getParameter() = p and
+        n.getFunction() = f and
+        location = f.getLocation() and
+        element = p.toString() and
+        tag = "ir-def" and
+        value = "**********".prefix(n.getIndirectionIndex()) + p.getName()
+      )
+    }
+  }
+}
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/lambdas.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/lambdas.cpp
@@ -37,7 +37,7 @@ void test_lambdas()
 	};
 	d(t, u);
 
-	auto e = [](int &a, int &b, int &c) {
+	auto e = [](int &a, int &b, int &c) { // $ ast-def=a ast-def=b ast-def=c ir-def=*c
 		sink(a); // $ ast,ir
 		sink(b);
 		c = source();
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/ref.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/ref.cpp
@@ -7,16 +7,16 @@ extern int arbitrary;
 
 namespace withoutFields {
   template<typename T>
-  void assign(T &lhs, T rhs) {
+  void assign(T &lhs, T rhs) { // $ ast-def=lhs ir-def=*lhs ast-def=lhs
     lhs = rhs;
   }
 
   template<typename T>
-  void assignWrapper(T &lhs, T rhs) {
+  void assignWrapper(T &lhs, T rhs) { // $ ast-def=lhs ast-def=lhs
     assign(lhs, rhs);
   }
 
-  void notAssign(int &lhs, int rhs) {
+  void notAssign(int &lhs, int rhs) { // $ ast-def=lhs ir-def=*lhs 
     lhs = rhs;
     if (arbitrary) {
       lhs = 1;
@@ -25,22 +25,22 @@ namespace withoutFields {
     }
   }
 
-  void sourceToParam(int &out) {
+  void sourceToParam(int &out) { // $ ast-def=out ir-def=*out 
     out = source();
     if (arbitrary) {
       out = 1;
     }
   }
 
-  void sourceToParamWrapper(int &out) {
+  void sourceToParamWrapper(int &out) { // $ ast-def=out ir-def=*out 
     if (arbitrary) {
       sourceToParam(out);
     } else {
       out = 1;
     }
   }
 
-  void notSource(int &out) {
+  void notSource(int &out) { // $ ast-def=out ir-def=*out
     out = source();
     if (arbitrary) {
       out = 1;
@@ -71,15 +71,15 @@ namespace withFields {
     int val;
   };
 
-  void assign(Int &lhs, int rhs) {
+  void assign(Int &lhs, int rhs) { // $ ast-def=lhs 
     lhs.val = rhs;
   }
 
-  void assignWrapper(Int &lhs, int rhs) {
+  void assignWrapper(Int &lhs, int rhs) { // $ ast-def=lhs
     assign(lhs, rhs);
   }
 
-  void notAssign(Int &lhs, int rhs) {
+  void notAssign(Int &lhs, int rhs) { // $ ast-def=lhs
     lhs.val = rhs;
     // Field flow ignores that the field is subsequently overwritten, leading
     // to false flow here.
@@ -90,22 +90,22 @@ namespace withFields {
     }
   }
 
-  void sourceToParam(Int &out) {
+  void sourceToParam(Int &out) { // $ ast-def=out
     out.val = source();
     if (arbitrary) {
       out.val = 1;
     }
   }
 
-  void sourceToParamWrapper(Int &out) {
+  void sourceToParamWrapper(Int &out) { // $ ast-def=out
     if (arbitrary) {
       sourceToParam(out);
     } else {
       out.val = 1;
     }
   }
 
-  void notSource(Int &out) {
+  void notSource(Int &out) { // $ ast-def=out
     out.val = source();
     // Field flow ignores that the field is subsequently overwritten, leading
     // to false flow here.
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
@@ -63,7 +63,7 @@ namespace std {
   template<class T> T&& move(T& t) noexcept; // simplified signature
 }
 
-void identityOperations(int* source1) {
+void identityOperations(int* source1) { // $ ast-def=source1 
   const int *x1 = std::move(source1);
   int* x2 = const_cast<int*>(x1);
   int* x3 = (x2);
@@ -86,7 +86,7 @@ void trackUninitialized() {
   sink(i1); // $ ast,ir
 }
 
-void local_references(int &source1, int clean1) {
+void local_references(int &source1, int clean1) { // $ ast-def=source1 ir-def=*source1
   sink(source1); // $ ast,ir
   source1 = clean1;
   sink(source1); // clean
@@ -111,17 +111,17 @@ void local_references(int &source1, int clean1) {
   }
 }
 
-int alwaysAssignSource(int *out) {
+int alwaysAssignSource(int *out) { // $ ast-def=out ir-def=*out 
   *out = source();
   return 0;
 }
 
-int alwaysAssign0(int *out) {
+int alwaysAssign0(int *out) { // $ ast-def=out ir-def=*out
   *out = 0;
   return 0;
 }
 
-int alwaysAssignInput(int *out, int in) {
+int alwaysAssignInput(int *out, int in) { // $ ast-def=out ir-def=*out
   *out = in;
   return 0;
 }
@@ -468,7 +468,7 @@ void throughStmtExpr(int source1, int clean1) {
   sink(local); // $ ast,ir
 }
 
-void intOutparamSource(int *p) {
+void intOutparamSource(int *p) { // $ ast-def=p ir-def=*p
   *p = source();
 }
 
@@ -484,7 +484,7 @@ struct MyStruct {
   int* content; 
 };
 
-void local_field_flow_def_by_ref_steps_with_local_flow(MyStruct * s) {
+void local_field_flow_def_by_ref_steps_with_local_flow(MyStruct * s) { // $ ast-def=s 
   writes_to_content(s->content);
   int* p_content = s->content;
   sink(*p_content);
@@ -502,7 +502,7 @@ void regression_with_phi_flow(int clean1) {
   }
 }
 
-int intOutparamSourceMissingReturn(int *p) {
+int intOutparamSourceMissingReturn(int *p) { // $ ast-def=p ir-def=*p
   *p = source();
   // return deliberately omitted to test IR dataflow behavior
 }
@@ -521,23 +521,23 @@ void uncertain_definition() {
   sink(stackArray[0]); // $ ast=519:19 ir SPURIOUS: ast=517:7
 }
 
-void set_through_const_pointer(int x, const int **e)
+void set_through_const_pointer(int x, const int **e) // $ ast-def=e ir-def=**e ir-def=*e
 {
   *e = &x;
 }
 
-void test_set_through_const_pointer(int *e)
+void test_set_through_const_pointer(int *e) // $ ast-def=e
 {
   set_through_const_pointer(source(), &e);
   sink(*e); // $ ir MISSING: ast
 }
 
-void sink_then_source_1(int* p) {
+void sink_then_source_1(int* p) { // $ ast-def=p ir-def=*p
     sink(*p); // $ ir // Flow from the unitialized x to the dereference.
     *p = source();
 }
 
-void sink_then_source_2(int* p, int y) {
+void sink_then_source_2(int* p, int y) { // $ ast-def=p ir-def=*p
     sink(y); // $ SPURIOUS: ast ir
     *p = source();
 }
@@ -578,3 +578,14 @@ namespace IndirectFlowThroughGlobals {
     sink(*globalInt); // $ ir=562:17 ir=576:17 MISSING: ast=562:17 ast=576:17
   }
 }
+
+void write_to_param(int* x) { // $ ast-def=x ir-def=*x
+  int s = source();
+  x = &s;
+}
+
+void test_write_to_param() {
+  int x = 0;
+  write_to_param(&x);
+  sink(x); // $ SPURIOUS: ast,ir
+}

Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ void bg_stackstruct(XY s1, XY s2) {`
`56`	`56`	`}`
`57`	`57`	`}`
`58`	`58`
`59`		`-void bg_structptr(XY p1, XY p2) {`
	`59`	`+void bg_structptr(XY p1, XY p2) { // $ ast-def=p1 ast-def=p2`
`60`	`60`	`p1->x = source();`
`61`	`61`	`if (guarded(p1->x)) {`
`62`	`62`	`sink(p1->x); // $ SPURIOUS: ast`
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ typedef struct`
`12`	`12`	`char isTrue;`
`13`	`13`	`} MyBool;`
`14`	`14`
`15`		`-void myTest_with_local_flow(MyBool *b, int pos)`
	`15`	`+void myTest_with_local_flow(MyBool *b, int pos) // $ ast-def=b`
`16`	`16`	`{`
`17`	`17`	`MyCoords coords = {0};`
`18`	`18`
Original file line number	Diff line number	Diff line change
`@@ -7,16 +7,16 @@ extern int arbitrary;`
`7`	`7`
`8`	`8`	`namespace withoutFields {`
`9`	`9`	`template<typename T>`
`10`		`- void assign(T &lhs, T rhs) {`
	`10`	`+ void assign(T &lhs, T rhs) { // $ ast-def=lhs ir-def=*lhs ast-def=lhs`
`11`	`11`	`lhs = rhs;`
`12`	`12`	`}`
`13`	`13`
`14`	`14`	`template<typename T>`
`15`		`- void assignWrapper(T &lhs, T rhs) {`
	`15`	`+ void assignWrapper(T &lhs, T rhs) { // $ ast-def=lhs ast-def=lhs`
`16`	`16`	`assign(lhs, rhs);`
`17`	`17`	`}`
`18`	`18`
`19`		`- void notAssign(int &lhs, int rhs) {`
	`19`	`+ void notAssign(int &lhs, int rhs) { // $ ast-def=lhs ir-def=*lhs`
`20`	`20`	`lhs = rhs;`
`21`	`21`	`if (arbitrary) {`
`22`	`22`	`lhs = 1;`
`@@ -25,22 +25,22 @@ namespace withoutFields {`
`25`	`25`	`}`
`26`	`26`	`}`
`27`	`27`
`28`		`- void sourceToParam(int &out) {`
	`28`	`+ void sourceToParam(int &out) { // $ ast-def=out ir-def=*out`
`29`	`29`	`out = source();`
`30`	`30`	`if (arbitrary) {`
`31`	`31`	`out = 1;`
`32`	`32`	`}`
`33`	`33`	`}`
`34`	`34`
`35`		`- void sourceToParamWrapper(int &out) {`
	`35`	`+ void sourceToParamWrapper(int &out) { // $ ast-def=out ir-def=*out`
`36`	`36`	`if (arbitrary) {`
`37`	`37`	`sourceToParam(out);`
`38`	`38`	`} else {`
`39`	`39`	`out = 1;`
`40`	`40`	`}`
`41`	`41`	`}`
`42`	`42`
`43`		`- void notSource(int &out) {`
	`43`	`+ void notSource(int &out) { // $ ast-def=out ir-def=*out`
`44`	`44`	`out = source();`
`45`	`45`	`if (arbitrary) {`
`46`	`46`	`out = 1;`
`@@ -71,15 +71,15 @@ namespace withFields {`
`71`	`71`	`int val;`
`72`	`72`	`};`
`73`	`73`
`74`		`- void assign(Int &lhs, int rhs) {`
	`74`	`+ void assign(Int &lhs, int rhs) { // $ ast-def=lhs`
`75`	`75`	`lhs.val = rhs;`
`76`	`76`	`}`
`77`	`77`
`78`		`- void assignWrapper(Int &lhs, int rhs) {`
	`78`	`+ void assignWrapper(Int &lhs, int rhs) { // $ ast-def=lhs`
`79`	`79`	`assign(lhs, rhs);`
`80`	`80`	`}`
`81`	`81`
`82`		`- void notAssign(Int &lhs, int rhs) {`
	`82`	`+ void notAssign(Int &lhs, int rhs) { // $ ast-def=lhs`
`83`	`83`	`lhs.val = rhs;`
`84`	`84`	`// Field flow ignores that the field is subsequently overwritten, leading`
`85`	`85`	`// to false flow here.`
`@@ -90,22 +90,22 @@ namespace withFields {`
`90`	`90`	`}`
`91`	`91`	`}`
`92`	`92`
`93`		`- void sourceToParam(Int &out) {`
	`93`	`+ void sourceToParam(Int &out) { // $ ast-def=out`
`94`	`94`	`out.val = source();`
`95`	`95`	`if (arbitrary) {`
`96`	`96`	`out.val = 1;`
`97`	`97`	`}`
`98`	`98`	`}`
`99`	`99`
`100`		`- void sourceToParamWrapper(Int &out) {`
	`100`	`+ void sourceToParamWrapper(Int &out) { // $ ast-def=out`
`101`	`101`	`if (arbitrary) {`
`102`	`102`	`sourceToParam(out);`
`103`	`103`	`} else {`
`104`	`104`	`out.val = 1;`
`105`	`105`	`}`
`106`	`106`	`}`
`107`	`107`
`108`		`- void notSource(Int &out) {`
	`108`	`+ void notSource(Int &out) { // $ ast-def=out`
`109`	`109`	`out.val = source();`
`110`	`110`	`// Field flow ignores that the field is subsequently overwritten, leading`
`111`	`111`	`// to false flow here.`
Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@ namespace std {`
`63`	`63`	`template<class T> T&& move(T& t) noexcept; // simplified signature`
`64`	`64`	`}`
`65`	`65`
`66`		`-void identityOperations(int* source1) {`
	`66`	`+void identityOperations(int* source1) { // $ ast-def=source1`
`67`	`67`	`const int *x1 = std::move(source1);`
`68`	`68`	`int* x2 = const_cast<int*>(x1);`
`69`	`69`	`int* x3 = (x2);`
`@@ -86,7 +86,7 @@ void trackUninitialized() {`
`86`	`86`	`sink(i1); // $ ast,ir`
`87`	`87`	`}`
`88`	`88`
`89`		`-void local_references(int &source1, int clean1) {`
	`89`	`+void local_references(int &source1, int clean1) { // $ ast-def=source1 ir-def=*source1`
`90`	`90`	`sink(source1); // $ ast,ir`
`91`	`91`	`source1 = clean1;`
`92`	`92`	`sink(source1); // clean`
`@@ -111,17 +111,17 @@ void local_references(int &source1, int clean1) {`
`111`	`111`	`}`
`112`	`112`	`}`
`113`	`113`
`114`		`-int alwaysAssignSource(int *out) {`
	`114`	`+int alwaysAssignSource(int out) { // $ ast-def=out ir-def=out`
`115`	`115`	`*out = source();`
`116`	`116`	`return 0;`
`117`	`117`	`}`
`118`	`118`
`119`		`-int alwaysAssign0(int *out) {`
	`119`	`+int alwaysAssign0(int out) { // $ ast-def=out ir-def=out`
`120`	`120`	`*out = 0;`
`121`	`121`	`return 0;`
`122`	`122`	`}`
`123`	`123`
`124`		`-int alwaysAssignInput(int *out, int in) {`
	`124`	`+int alwaysAssignInput(int out, int in) { // $ ast-def=out ir-def=out`
`125`	`125`	`*out = in;`
`126`	`126`	`return 0;`
`127`	`127`	`}`
`@@ -468,7 +468,7 @@ void throughStmtExpr(int source1, int clean1) {`
`468`	`468`	`sink(local); // $ ast,ir`
`469`	`469`	`}`
`470`	`470`
`471`		`-void intOutparamSource(int *p) {`
	`471`	`+void intOutparamSource(int p) { // $ ast-def=p ir-def=p`
`472`	`472`	`*p = source();`
`473`	`473`	`}`
`474`	`474`
`@@ -484,7 +484,7 @@ struct MyStruct {`
`484`	`484`	`int* content;`
`485`	`485`	`};`
`486`	`486`
`487`		`-void local_field_flow_def_by_ref_steps_with_local_flow(MyStruct * s) {`
	`487`	`+void local_field_flow_def_by_ref_steps_with_local_flow(MyStruct * s) { // $ ast-def=s`
`488`	`488`	`writes_to_content(s->content);`
`489`	`489`	`int* p_content = s->content;`
`490`	`490`	`sink(*p_content);`
`@@ -502,7 +502,7 @@ void regression_with_phi_flow(int clean1) {`
`502`	`502`	`}`
`503`	`503`	`}`
`504`	`504`
`505`		`-int intOutparamSourceMissingReturn(int *p) {`
	`505`	`+int intOutparamSourceMissingReturn(int p) { // $ ast-def=p ir-def=p`
`506`	`506`	`*p = source();`
`507`	`507`	`// return deliberately omitted to test IR dataflow behavior`
`508`	`508`	`}`
`@@ -521,23 +521,23 @@ void uncertain_definition() {`
`521`	`521`	`sink(stackArray[0]); // $ ast=519:19 ir SPURIOUS: ast=517:7`
`522`	`522`	`}`
`523`	`523`
`524`		`-void set_through_const_pointer(int x, const int **e)`
	`524`	`+void set_through_const_pointer(int x, const int e) // $ ast-def=e ir-def=e ir-def=*e`
`525`	`525`	`{`
`526`	`526`	`*e = &x;`
`527`	`527`	`}`
`528`	`528`
`529`		`-void test_set_through_const_pointer(int *e)`
	`529`	`+void test_set_through_const_pointer(int *e) // $ ast-def=e`
`530`	`530`	`{`
`531`	`531`	`set_through_const_pointer(source(), &e);`
`532`	`532`	`sink(*e); // $ ir MISSING: ast`
`533`	`533`	`}`
`534`	`534`
`535`		`-void sink_then_source_1(int* p) {`
	`535`	`+void sink_then_source_1(int* p) { // $ ast-def=p ir-def=*p`
`536`	`536`	`sink(*p); // $ ir // Flow from the unitialized x to the dereference.`
`537`	`537`	`*p = source();`
`538`	`538`	`}`
`539`	`539`
`540`		`-void sink_then_source_2(int* p, int y) {`
	`540`	`+void sink_then_source_2(int* p, int y) { // $ ast-def=p ir-def=*p`
`541`	`541`	`sink(y); // $ SPURIOUS: ast ir`
`542`	`542`	`*p = source();`
`543`	`543`	`}`
`@@ -578,3 +578,14 @@ namespace IndirectFlowThroughGlobals {`
`578`	`578`	`sink(*globalInt); // $ ir=562:17 ir=576:17 MISSING: ast=562:17 ast=576:17`
`579`	`579`	`}`
`580`	`580`	`}`
	`581`	`+`
	`582`	`+void write_to_param(int* x) { // $ ast-def=x ir-def=*x`
	`583`	`+ int s = source();`
	`584`	`+ x = &s;`
	`585`	`+}`
	`586`	`+`
	`587`	`+void test_write_to_param() {`
	`588`	`+ int x = 0;`
	`589`	`+ write_to_param(&x);`
	`590`	`+ sink(x); // $ SPURIOUS: ast,ir`
	`591`	`+}`