From 562bffe71047d90de8f9ab05182d3b4258a9dd2a Mon Sep 17 00:00:00 2001
From: Jonas Jensen
Date: Thu, 12 Sep 2019 10:17:01 +0200
Subject: [PATCH 1/2] C++: Simplify `toString` of ImplicitParameterNode This string looked out of place compared to `ExplicitParameterNode`, whose string is simply the name of the parameter and therefore indistinguishable from an access to the parameter without looking at the location also. This has not been a problem so far, and if we want to distinguish more clearly between initial values and accesses at some point, we should do it for `ExplicitParameterNode` and `UninitializedNode` too.
---
 .../cpp/dataflow/internal/DataFlowUtil.qll | 2 +-
 .../dataflow/fields/flow.expected | 18 +++++++++---------
 .../dataflow/taint-tests/localTaint.expected | 16 ++++++++--------
 3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll
index abbb5190d463..cc9687296f7b 100644
--- a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll
+++ b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll
@@ -179,7 +179,7 @@ class ImplicitParameterNode extends ParameterNode, TInstanceParameterNode {
 override Type getType() { result = f.getDeclaringType() }
- override string toString() { result = "`this` parameter in " + f.getName() }
+ override string toString() { result = "this" }
 override Location getLocation() { result = f.getLocation() }
diff --git a/cpp/ql/test/library-tests/dataflow/fields/flow.expected b/cpp/ql/test/library-tests/dataflow/fields/flow.expected
index 1119b705bbf5..d9bc55253f90 100644
--- a/cpp/ql/test/library-tests/dataflow/fields/flow.expected
+++ b/cpp/ql/test/library-tests/dataflow/fields/flow.expected
@@ -78,15 +78,15 @@ edges | B.cpp:19:14:19:17 | box1 [elem2] | B.cpp:19:20:19:24 | elem2 | | C.cpp:18:12:18:18 | call to C [s1] | C.cpp:19:5:19:5 | c [s1] | | C.cpp:18:12:18:18 | call to C [s3] | C.cpp:19:5:19:5 | c [s3] | -| C.cpp:19:5:19:5 | c [s1] | C.cpp:27:8:27:11 | `this` parameter in func [s1] | -| C.cpp:19:5:19:5 | c [s3] | C.cpp:27:8:27:11 | `this` parameter in func [s3] | +| C.cpp:19:5:19:5 | c [s1] | C.cpp:27:8:27:11 | this [s1] | +| C.cpp:19:5:19:5 | c [s3] | C.cpp:27:8:27:11 | this [s3] | | C.cpp:22:9:22:22 | constructor init of field s1 [post-this] [s1] | C.cpp:18:12:18:18 | call to C [s1] | | C.cpp:22:12:22:21 | new | C.cpp:22:9:22:22 | constructor init of field s1 [post-this] [s1] | | C.cpp:24:5:24:8 | this [post update] [s3] | C.cpp:18:12:18:18 | call to C [s3] | | C.cpp:24:5:24:25 | ... = ... | C.cpp:24:5:24:8 | this [post update] [s3] | | C.cpp:24:16:24:25 | new | C.cpp:24:5:24:25 | ... = ... | -| C.cpp:27:8:27:11 | `this` parameter in func [s1] | C.cpp:29:10:29:11 | this [s1] | -| C.cpp:27:8:27:11 | `this` parameter in func [s3] | C.cpp:31:10:31:11 | this [s3] | +| C.cpp:27:8:27:11 | this [s1] | C.cpp:29:10:29:11 | this [s1] | +| C.cpp:27:8:27:11 | this [s3] | C.cpp:31:10:31:11 | this [s3] | | C.cpp:29:10:29:11 | this [s1] | C.cpp:29:10:29:11 | s1 | | C.cpp:31:10:31:11 | this [s3] | C.cpp:31:10:31:11 | s3 | | D.cpp:21:30:21:31 | b2 [box, elem] | D.cpp:22:10:22:11 | b2 [box, elem] | 
@@ -117,8 +117,8 @@ edges | D.cpp:58:5:58:12 | this [post update] [boxfield, box, ... (3)] | D.cpp:59:5:59:7 | this [boxfield, box, ... (3)] | | D.cpp:58:5:58:27 | ... = ... | D.cpp:58:15:58:17 | box [post update] [elem] | | D.cpp:58:15:58:17 | box [post update] [elem] | D.cpp:58:5:58:12 | boxfield [post update] [box, elem] | -| D.cpp:59:5:59:7 | this [boxfield, box, ... (3)] | D.cpp:63:8:63:10 | `this` parameter in f5b [boxfield, box, ... (3)] | -| D.cpp:63:8:63:10 | `this` parameter in f5b [boxfield, box, ... (3)] | D.cpp:64:10:64:17 | this [boxfield, box, ... (3)] | +| D.cpp:59:5:59:7 | this [boxfield, box, ... (3)] | D.cpp:63:8:63:10 | this [boxfield, box, ... (3)] | +| D.cpp:63:8:63:10 | this [boxfield, box, ... (3)] | D.cpp:64:10:64:17 | this [boxfield, box, ... (3)] | | D.cpp:64:10:64:17 | boxfield [box, elem] | D.cpp:64:20:64:22 | box [elem] | | D.cpp:64:10:64:17 | this [boxfield, box, ... (3)] | D.cpp:64:10:64:17 | boxfield [box, elem] | | D.cpp:64:20:64:22 | box [elem] | D.cpp:64:25:64:28 | elem | @@ -313,8 +313,8 @@ nodes | C.cpp:24:5:24:8 | this [post update] [s3] | semmle.label | this [post update] [s3] | | C.cpp:24:5:24:25 | ... = ... | semmle.label | ... = ... | | C.cpp:24:16:24:25 | new | semmle.label | new | -| C.cpp:27:8:27:11 | `this` parameter in func [s1] | semmle.label | `this` parameter in func [s1] | -| C.cpp:27:8:27:11 | `this` parameter in func [s3] | semmle.label | `this` parameter in func [s3] | +| C.cpp:27:8:27:11 | this [s1] | semmle.label | this [s1] | +| C.cpp:27:8:27:11 | this [s3] | semmle.label | this [s3] | | C.cpp:29:10:29:11 | s1 | semmle.label | s1 | | C.cpp:29:10:29:11 | this [s1] | semmle.label | this [s1] | | C.cpp:31:10:31:11 | s3 | semmle.label | s3 | 
@@ -349,7 +349,7 @@ nodes | D.cpp:58:5:58:27 | ... = ... | semmle.label | ... = ... | | D.cpp:58:15:58:17 | box [post update] [elem] | semmle.label | box [post update] [elem] | | D.cpp:59:5:59:7 | this [boxfield, box, ... (3)] | semmle.label | this [boxfield, box, ... (3)] | -| D.cpp:63:8:63:10 | `this` parameter in f5b [boxfield, box, ... (3)] | semmle.label | `this` parameter in f5b [boxfield, box, ... (3)] | +| D.cpp:63:8:63:10 | this [boxfield, box, ... (3)] | semmle.label | this [boxfield, box, ... (3)] | | D.cpp:64:10:64:17 | boxfield [box, elem] | semmle.label | boxfield [box, elem] | | D.cpp:64:10:64:17 | this [boxfield, box, ... (3)] | semmle.label | this [boxfield, box, ... (3)] | | D.cpp:64:20:64:22 | box [elem] | semmle.label | box [elem] | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index 4895cf711126..efad80dd9f97 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -40,7 +40,7 @@ | taint.cpp:37:12:37:20 | call to increment | taint.cpp:43:7:43:13 | global9 | | | taint.cpp:38:13:38:16 | call to zero | taint.cpp:38:2:38:26 | ... = ... | | | taint.cpp:38:13:38:16 | call to zero | taint.cpp:44:7:44:14 | global10 | | -| taint.cpp:71:2:71:8 | `this` parameter in MyClass | taint.cpp:71:14:71:17 | constructor init of field a [pre-this] | | +| taint.cpp:71:2:71:8 | this | taint.cpp:71:14:71:17 | constructor init of field a [pre-this] | | | taint.cpp:71:14:71:17 | 0 | taint.cpp:71:14:71:17 | constructor init of field a | TAINT | | taint.cpp:71:14:71:17 | constructor init of field a [post-this] | taint.cpp:71:20:71:30 | constructor init of field b [pre-this] | | | taint.cpp:71:14:71:17 | constructor init of field a [pre-this] | taint.cpp:71:20:71:30 | constructor init of field b [pre-this] | | 
@@ -51,7 +51,7 @@ | taint.cpp:72:3:72:3 | this [post update] | taint.cpp:73:3:73:3 | this | | | taint.cpp:72:7:72:12 | call to source | taint.cpp:72:3:72:14 | ... = ... | | | taint.cpp:73:7:73:7 | 0 | taint.cpp:73:3:73:7 | ... = ... | | -| taint.cpp:76:7:76:14 | `this` parameter in myMethod | taint.cpp:77:3:77:3 | this | | +| taint.cpp:76:7:76:14 | this | taint.cpp:77:3:77:3 | this | | | taint.cpp:77:7:77:12 | call to source | taint.cpp:77:3:77:14 | ... = ... | | | taint.cpp:84:10:84:12 | call to MyClass | taint.cpp:86:2:86:4 | mc1 | | | taint.cpp:84:10:84:12 | call to MyClass | taint.cpp:88:7:88:9 | mc1 | | 
@@ -188,36 +188,36 @@ | taint.cpp:226:9:226:10 | 0 | taint.cpp:261:7:261:7 | w | | | taint.cpp:228:11:228:11 | Unknown literal | taint.cpp:228:11:228:11 | constructor init of field t | TAINT | | taint.cpp:228:11:228:11 | Unknown literal | taint.cpp:228:11:228:11 | constructor init of field u | TAINT | -| taint.cpp:228:11:228:11 | `this` parameter in (constructor) | taint.cpp:228:11:228:11 | constructor init of field t [pre-this] | | | taint.cpp:228:11:228:11 | constructor init of field t [post-this] | taint.cpp:228:11:228:11 | constructor init of field u [pre-this] | | | taint.cpp:228:11:228:11 | constructor init of field t [pre-this] | taint.cpp:228:11:228:11 | constructor init of field u [pre-this] | | +| taint.cpp:228:11:228:11 | this | taint.cpp:228:11:228:11 | constructor init of field t [pre-this] | | | taint.cpp:228:11:232:2 | [...](...){...} | taint.cpp:233:7:233:7 | a | | | taint.cpp:228:11:232:2 | {...} | taint.cpp:228:11:232:2 | [...](...){...} | | -| taint.cpp:228:17:228:17 | `this` parameter in operator() | taint.cpp:229:3:229:6 | this | | +| taint.cpp:228:17:228:17 | this | taint.cpp:229:3:229:6 | this | | | taint.cpp:229:3:229:6 | this | taint.cpp:230:3:230:6 | this | | | taint.cpp:230:3:230:6 | this | taint.cpp:231:3:231:11 | this | | | taint.cpp:235:11:235:11 | Unknown literal | taint.cpp:235:11:235:11 | constructor init of field t | TAINT | | taint.cpp:235:11:235:11 | Unknown literal | taint.cpp:235:11:235:11 | constructor init of field u | TAINT | | taint.cpp:235:11:235:11 | Unknown literal | taint.cpp:235:11:235:11 | constructor init of field v | TAINT | -| taint.cpp:235:11:235:11 | `this` parameter in (constructor) | taint.cpp:235:11:235:11 | constructor init of field t [pre-this] | | | taint.cpp:235:11:235:11 | constructor init of field t [post-this] | taint.cpp:235:11:235:11 | constructor init of field u [pre-this] | | | taint.cpp:235:11:235:11 | constructor init of field t [pre-this] | taint.cpp:235:11:235:11 | constructor init of field u 
[pre-this] | | | taint.cpp:235:11:235:11 | constructor init of field u [post-this] | taint.cpp:235:11:235:11 | constructor init of field v [pre-this] | | | taint.cpp:235:11:235:11 | constructor init of field u [pre-this] | taint.cpp:235:11:235:11 | constructor init of field v [pre-this] | | +| taint.cpp:235:11:235:11 | this | taint.cpp:235:11:235:11 | constructor init of field t [pre-this] | | | taint.cpp:235:11:239:2 | [...](...){...} | taint.cpp:240:2:240:2 | b | | | taint.cpp:235:11:239:2 | {...} | taint.cpp:235:11:239:2 | [...](...){...} | | -| taint.cpp:235:15:235:15 | `this` parameter in operator() | taint.cpp:236:3:236:6 | this | | +| taint.cpp:235:15:235:15 | this | taint.cpp:236:3:236:6 | this | | | taint.cpp:236:3:236:6 | this | taint.cpp:237:3:237:6 | this | | | taint.cpp:237:3:237:6 | this | taint.cpp:238:3:238:14 | this | | | taint.cpp:238:7:238:12 | call to source | taint.cpp:238:3:238:14 | ... = ... | | | taint.cpp:243:11:243:11 | Unknown literal | taint.cpp:243:11:243:11 | constructor init of field t | TAINT | | taint.cpp:243:11:243:11 | Unknown literal | taint.cpp:243:11:243:11 | constructor init of field u | TAINT | -| taint.cpp:243:11:243:11 | `this` parameter in (constructor) | taint.cpp:243:11:243:11 | constructor init of field t [pre-this] | | | taint.cpp:243:11:243:11 | constructor init of field t [post-this] | taint.cpp:243:11:243:11 | constructor init of field u [pre-this] | | | taint.cpp:243:11:243:11 | constructor init of field t [pre-this] | taint.cpp:243:11:243:11 | constructor init of field u [pre-this] | | +| taint.cpp:243:11:243:11 | this | taint.cpp:243:11:243:11 | constructor init of field t [pre-this] | | | taint.cpp:243:11:246:2 | [...](...){...} | taint.cpp:247:2:247:2 | c | | | taint.cpp:243:11:246:2 | {...} | taint.cpp:243:11:246:2 | [...](...){...} | | -| taint.cpp:243:15:243:15 | `this` parameter in operator() | taint.cpp:244:3:244:6 | this | | +| taint.cpp:243:15:243:15 | this | taint.cpp:244:3:244:6 | this | | | 
taint.cpp:244:3:244:6 | this | taint.cpp:245:3:245:6 | this | | | taint.cpp:249:11:252:2 | [...](...){...} | taint.cpp:253:2:253:2 | d | | | taint.cpp:249:18:249:18 | a | taint.cpp:250:8:250:8 | a | |
From 7cfbe88e7bdd7140054a70d45dcd428f4cb3b20e Mon Sep 17 00:00:00 2001
From: Jonas Jensen
Date: Thu, 12 Sep 2019 10:20:39 +0200
Subject: [PATCH 2/2] C++: IR DataFlow::Node.toString consistency The `toString` for IR data-flow nodes are now similar to AST data-flow nodes. This should make it easier to use the IR as a drop-in replacement in the future. There are still differences because the IR data flow library takes conversions into account. I did not attempt to align the new nodes we use for field flow. That can come later, when we add field flow to IR data flow.
---
 .../cpp/ir/dataflow/internal/DataFlowUtil.qll | 18 +++-
 .../dataflow/dataflow-tests/test_ir.expected | 88 +++++++++----------
 .../dataflow/taint-tests/test_ir.expected | 24 ++---
 3 files changed, 74 insertions(+), 56 deletions(-)
diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
index 0476ea3c30ab..b5415f2bc656 100644
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -84,7 +84,11 @@ class Node extends TIRDataFlowNode {
 this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
 }
- string toString() { result = instr.toString() }
+ string toString() {
+ // This predicate is overridden in subclasses. This default implementation
+ // does not use `Instruction.toString` because that's expensive to compute.
+ result = this.asInstruction().getOpcode().toString()
+ }
 }
 /**
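Review bot: `Node.toString` still has no QLDoc, and its contract changes here: the default result is now only the opcode name, so any node that none of the subclass overrides covers is labelled with a bare opcode. The explanation currently sits in `//` comments inside the body, where query authors will not see it. A doc comment such as `/** Gets a textual representation of this node; subclasses override the opcode-only default. */` would make clear that the string is a display label and that the location is what identifies a node in taint-path results. The body of `Node` starts outside the hunk.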
@@ -106,6 +110,8 @@ class ExprNode extends Node {
 * expression may be a `Conversion`.
 */
 Expr getConvertedExpr() { result = this.asConvertedExpr() }
+
+ override string toString() { result = this.asConvertedExpr().toString() }
 }
 /**
@@ -122,6 +128,14 @@ class ParameterNode extends Node {
 predicate isParameterOf(Function f, int i) { f.getParameter(i) = instr.getParameter() }
 Parameter getParameter() { result = instr.getParameter() }
+
+ override string toString() { result = instr.getParameter().toString() }
+}
+
+private class ThisParameterNode extends Node {
+ override InitializeThisInstruction instr;
+
+ override string toString() { result = "this" }
 }
 /**
@@ -132,6 +146,8 @@ class UninitializedNode extends Node {
 override UninitializedInstruction instr;
 LocalVariable getLocalVariable() { result = instr.getLocalVariable() }
+
+ override string toString() { result = this.getLocalVariable().toString() }
 }
 /**
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test_ir.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test_ir.expected
index 83ba546480f9..8ec0cf4f397b 100644
--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test_ir.expected
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test_ir.expected
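Review bot: `ExprNode.toString` seems able to produce more than one string for a single node, since nothing in the hunk makes `asConvertedExpr()` single-valued. The updated `taint-tests/test_ir.expected` in this same patch points that way: the source at `taint.cpp:12:22:12:27` now appears in two rows, `... = ...` and `call to source`, where there was one row before. Multi-valued labels multiply result rows and make the steps of a taint path harder to triage. Either pick one string deterministically, for example `result = min(string s | s = this.asConvertedExpr().toString())`, or add a comment that the duplication is accepted. The body of `ExprNode` starts outside the hunk.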
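Review bot: `ThisParameterNode` is added without a doc comment, whereas the neighbouring node classes appear to be preceded by `/** ... */` blocks. Nothing records that it exists only to label `InitializeThisInstruction` nodes as `this`. A one-line QLDoc saying so would help the next reader see why a private class with a single `toString` override is there. On style, `ParameterNode.toString` reads `instr.getParameter()` directly while `UninitializedNode.toString` goes through its own accessor. Writing `override string toString() { result = this.getParameter().toString() }` would keep the overrides uniform.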
@@ -1,44 +1,44 @@ -| acrossLinkTargets.cpp:12:8:12:8 | Convert: (int)... | acrossLinkTargets.cpp:19:27:19:32 | Call: call to source | -| acrossLinkTargets.cpp:12:8:12:8 | Load: x | acrossLinkTargets.cpp:19:27:19:32 | Call: call to source | -| clang.cpp:18:8:18:19 | Convert: (const int *)... | clang.cpp:12:9:12:20 | InitializeParameter: sourceArray1 | -| clang.cpp:18:8:18:19 | Load: sourceArray1 | clang.cpp:12:9:12:20 | InitializeParameter: sourceArray1 | -| clang.cpp:37:10:37:11 | Load: m2 | clang.cpp:34:32:34:37 | Call: call to source | -| clang.cpp:41:18:41:19 | Load: m2 | clang.cpp:39:42:39:47 | Call: call to source | -| clang.cpp:45:17:45:18 | Load: m2 | clang.cpp:43:35:43:40 | Call: call to source | -| test.cpp:7:8:7:9 | Load: t1 | test.cpp:6:12:6:17 | Call: call to source | -| test.cpp:9:8:9:9 | Load: t1 | test.cpp:6:12:6:17 | Call: call to source | -| test.cpp:10:8:10:9 | Load: t2 | test.cpp:6:12:6:17 | Call: call to source | -| test.cpp:15:8:15:9 | Load: t2 | test.cpp:6:12:6:17 | Call: call to source | -| test.cpp:26:8:26:9 | Load: t1 | test.cpp:6:12:6:17 | Call: call to source | -| test.cpp:30:8:30:8 | Load: t | test.cpp:35:10:35:15 | Call: call to source | -| test.cpp:31:8:31:8 | Load: c | test.cpp:36:13:36:18 | Call: call to source | -| test.cpp:58:10:58:10 | Load: t | test.cpp:50:14:50:19 | Call: call to source | -| test.cpp:71:8:71:9 | Load: x4 | test.cpp:66:30:66:36 | InitializeParameter: source1 | -| test.cpp:76:8:76:9 | Load: u1 | test.cpp:75:7:75:8 | Uninitialized: definition of u1 | -| test.cpp:84:8:84:18 | Load: ... ? ... : ... 
| test.cpp:83:7:83:8 | Uninitialized: definition of u2 | -| test.cpp:86:8:86:9 | Load: i1 | test.cpp:83:7:83:8 | Uninitialized: definition of u2 | -| test.cpp:90:8:90:14 | Load: source1 | test.cpp:89:28:89:34 | InitializeParameter: source1 | -| test.cpp:92:8:92:14 | Load: source1 | test.cpp:89:28:89:34 | InitializeParameter: source1 | -| test.cpp:110:10:110:12 | Load: (reference dereference) | test.cpp:109:9:109:14 | Call: call to source | -| test.cpp:140:8:140:8 | Load: y | test.cpp:138:27:138:32 | Call: call to source | -| test.cpp:144:8:144:8 | Load: s | test.cpp:151:33:151:38 | Call: call to source | -| test.cpp:152:8:152:8 | Load: y | test.cpp:151:33:151:38 | Call: call to source | -| test.cpp:157:8:157:8 | Load: x | test.cpp:164:34:164:39 | Call: call to source | -| test.cpp:165:8:165:8 | Load: y | test.cpp:164:34:164:39 | Call: call to source | -| test.cpp:178:8:178:8 | Load: y | test.cpp:171:11:171:16 | Call: call to source | -| test.cpp:260:12:260:12 | Load: x | test.cpp:245:14:245:19 | Call: call to source | -| test.cpp:266:12:266:12 | Load: x | test.cpp:265:22:265:27 | Call: call to source | -| test.cpp:289:14:289:14 | Load: x | test.cpp:305:17:305:22 | Call: call to source | -| test.cpp:318:7:318:7 | Load: x | test.cpp:314:4:314:9 | Call: call to source | -| test.cpp:450:9:450:22 | CopyValue: (statement expression) | test.cpp:449:26:449:32 | InitializeParameter: source1 | -| test.cpp:461:8:461:12 | Load: local | test.cpp:449:26:449:32 | InitializeParameter: source1 | -| true_upon_entry.cpp:13:8:13:8 | Load: x | true_upon_entry.cpp:9:11:9:16 | Call: call to source | -| true_upon_entry.cpp:21:8:21:8 | Load: x | true_upon_entry.cpp:17:11:17:16 | Call: call to source | -| true_upon_entry.cpp:29:8:29:8 | Load: x | true_upon_entry.cpp:27:9:27:14 | Call: call to source | -| true_upon_entry.cpp:39:8:39:8 | Load: x | true_upon_entry.cpp:33:11:33:16 | Call: call to source | -| true_upon_entry.cpp:49:8:49:8 | Load: x | true_upon_entry.cpp:43:11:43:16 | Call: call 
to source | -| true_upon_entry.cpp:57:8:57:8 | Load: x | true_upon_entry.cpp:54:11:54:16 | Call: call to source | -| true_upon_entry.cpp:66:8:66:8 | Load: x | true_upon_entry.cpp:62:11:62:16 | Call: call to source | -| true_upon_entry.cpp:78:8:78:8 | Load: x | true_upon_entry.cpp:70:11:70:16 | Call: call to source | -| true_upon_entry.cpp:86:8:86:8 | Load: x | true_upon_entry.cpp:83:11:83:16 | Call: call to source | -| true_upon_entry.cpp:105:8:105:8 | Load: x | true_upon_entry.cpp:98:11:98:16 | Call: call to source | +| acrossLinkTargets.cpp:12:8:12:8 | (int)... | acrossLinkTargets.cpp:19:27:19:32 | call to source | +| acrossLinkTargets.cpp:12:8:12:8 | x | acrossLinkTargets.cpp:19:27:19:32 | call to source | +| clang.cpp:18:8:18:19 | (const int *)... | clang.cpp:12:9:12:20 | sourceArray1 | +| clang.cpp:18:8:18:19 | sourceArray1 | clang.cpp:12:9:12:20 | sourceArray1 | +| clang.cpp:37:10:37:11 | m2 | clang.cpp:34:32:34:37 | call to source | +| clang.cpp:41:18:41:19 | m2 | clang.cpp:39:42:39:47 | call to source | +| clang.cpp:45:17:45:18 | m2 | clang.cpp:43:35:43:40 | call to source | +| test.cpp:7:8:7:9 | t1 | test.cpp:6:12:6:17 | call to source | +| test.cpp:9:8:9:9 | t1 | test.cpp:6:12:6:17 | call to source | +| test.cpp:10:8:10:9 | t2 | test.cpp:6:12:6:17 | call to source | +| test.cpp:15:8:15:9 | t2 | test.cpp:6:12:6:17 | call to source | +| test.cpp:26:8:26:9 | t1 | test.cpp:6:12:6:17 | call to source | +| test.cpp:30:8:30:8 | t | test.cpp:35:10:35:15 | call to source | +| test.cpp:31:8:31:8 | c | test.cpp:36:13:36:18 | call to source | +| test.cpp:58:10:58:10 | t | test.cpp:50:14:50:19 | call to source | +| test.cpp:71:8:71:9 | x4 | test.cpp:66:30:66:36 | source1 | +| test.cpp:76:8:76:9 | u1 | test.cpp:75:7:75:8 | u1 | +| test.cpp:84:8:84:18 | ... ? ... : ... 
| test.cpp:83:7:83:8 | u2 | +| test.cpp:86:8:86:9 | i1 | test.cpp:83:7:83:8 | u2 | +| test.cpp:90:8:90:14 | source1 | test.cpp:89:28:89:34 | source1 | +| test.cpp:92:8:92:14 | source1 | test.cpp:89:28:89:34 | source1 | +| test.cpp:110:10:110:12 | (reference dereference) | test.cpp:109:9:109:14 | call to source | +| test.cpp:140:8:140:8 | y | test.cpp:138:27:138:32 | call to source | +| test.cpp:144:8:144:8 | s | test.cpp:151:33:151:38 | call to source | +| test.cpp:152:8:152:8 | y | test.cpp:151:33:151:38 | call to source | +| test.cpp:157:8:157:8 | x | test.cpp:164:34:164:39 | call to source | +| test.cpp:165:8:165:8 | y | test.cpp:164:34:164:39 | call to source | +| test.cpp:178:8:178:8 | y | test.cpp:171:11:171:16 | call to source | +| test.cpp:260:12:260:12 | x | test.cpp:245:14:245:19 | call to source | +| test.cpp:266:12:266:12 | x | test.cpp:265:22:265:27 | call to source | +| test.cpp:289:14:289:14 | x | test.cpp:305:17:305:22 | call to source | +| test.cpp:318:7:318:7 | x | test.cpp:314:4:314:9 | call to source | +| test.cpp:450:9:450:22 | (statement expression) | test.cpp:449:26:449:32 | source1 | +| test.cpp:461:8:461:12 | local | test.cpp:449:26:449:32 | source1 | +| true_upon_entry.cpp:13:8:13:8 | x | true_upon_entry.cpp:9:11:9:16 | call to source | +| true_upon_entry.cpp:21:8:21:8 | x | true_upon_entry.cpp:17:11:17:16 | call to source | +| true_upon_entry.cpp:29:8:29:8 | x | true_upon_entry.cpp:27:9:27:14 | call to source | +| true_upon_entry.cpp:39:8:39:8 | x | true_upon_entry.cpp:33:11:33:16 | call to source | +| true_upon_entry.cpp:49:8:49:8 | x | true_upon_entry.cpp:43:11:43:16 | call to source | +| true_upon_entry.cpp:57:8:57:8 | x | true_upon_entry.cpp:54:11:54:16 | call to source | +| true_upon_entry.cpp:66:8:66:8 | x | true_upon_entry.cpp:62:11:62:16 | call to source | +| true_upon_entry.cpp:78:8:78:8 | x | true_upon_entry.cpp:70:11:70:16 | call to source | +| true_upon_entry.cpp:86:8:86:8 | x | true_upon_entry.cpp:83:11:83:16 | call to source 
| +| true_upon_entry.cpp:105:8:105:8 | x | true_upon_entry.cpp:98:11:98:16 | call to source | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_ir.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_ir.expected index b08cc19d0dfa..de2c7642e44b 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_ir.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_ir.expected 
@@ -1,11 +1,13 @@ -| taint.cpp:8:8:8:13 | Load: clean1 | taint.cpp:4:27:4:33 | InitializeParameter: source1 | -| taint.cpp:16:8:16:14 | Load: source1 | taint.cpp:12:22:12:27 | Call: call to source | -| taint.cpp:17:8:17:16 | Add: ++ ... | taint.cpp:12:22:12:27 | Call: call to source | -| taint.cpp:109:7:109:13 | Load: access to array | taint.cpp:105:12:105:17 | Call: call to source | -| taint.cpp:129:7:129:9 | Load: * ... | taint.cpp:120:11:120:16 | Call: call to source | -| taint.cpp:130:7:130:9 | Load: * ... | taint.cpp:127:8:127:13 | Call: call to source | -| taint.cpp:134:7:134:9 | Load: * ... | taint.cpp:120:11:120:16 | Call: call to source | -| taint.cpp:151:7:151:12 | Call: call to select | taint.cpp:151:20:151:25 | Call: call to source | -| taint.cpp:167:8:167:13 | Call: call to source | taint.cpp:167:8:167:13 | Call: call to source | -| taint.cpp:168:8:168:14 | Load: tainted | taint.cpp:164:19:164:24 | Call: call to source | -| taint.cpp:210:7:210:7 | Load: x | taint.cpp:207:6:207:11 | Call: call to source | +| taint.cpp:8:8:8:13 | clean1 | taint.cpp:4:27:4:33 | source1 | +| taint.cpp:16:8:16:14 | source1 | taint.cpp:12:22:12:27 | ... = ... | +| taint.cpp:16:8:16:14 | source1 | taint.cpp:12:22:12:27 | call to source | +| taint.cpp:17:8:17:16 | ++ ... | taint.cpp:12:22:12:27 | ... = ... | +| taint.cpp:17:8:17:16 | ++ ... | taint.cpp:12:22:12:27 | call to source | +| taint.cpp:109:7:109:13 | access to array | taint.cpp:105:12:105:17 | call to source | +| taint.cpp:129:7:129:9 | * ... | taint.cpp:120:11:120:16 | call to source | +| taint.cpp:130:7:130:9 | * ... | taint.cpp:127:8:127:13 | call to source | +| taint.cpp:134:7:134:9 | * ... 
| taint.cpp:120:11:120:16 | call to source | +| taint.cpp:151:7:151:12 | call to select | taint.cpp:151:20:151:25 | call to source | +| taint.cpp:167:8:167:13 | call to source | taint.cpp:167:8:167:13 | call to source | +| taint.cpp:168:8:168:14 | tainted | taint.cpp:164:19:164:24 | call to source | +| taint.cpp:210:7:210:7 | x | taint.cpp:207:6:207:11 | call to source |