
Commit 4d743d2

authored
Merge pull request #2692 from jbj/pure-string-read
C++: Model that string functions read their buffer
2 parents 3745388 + fb6ad52 commit 4d743d2


4 files changed

+24
-13
lines changed


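--- a/cpp/ql/src/semmle/code/cpp/models/implementations/Pure.qll
+++ b/cpp/ql/src/semmle/code/cpp/models/implementations/Pure.qll
@@ -83,6 +83,11 @@ class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunction, SideE
 override predicate hasOnlySpecificReadSideEffects() { none() }
 
 override predicate hasOnlySpecificWriteSideEffects() { any() }
+
+override predicate hasSpecificReadSideEffect(ParameterIndex i, boolean buffer) {
+getParameter(i).getUnspecifiedType() instanceof PointerType and
+buffer = true
+}
 }
 
 class PureFunction extends TaintFunction, SideEffectFunction {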
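Review bot: The new `hasSpecificReadSideEffect` override carries no comment saying why every pointer-typed parameter is modelled as a read buffer, or why `hasOnlySpecificReadSideEffects()` just above it stays `none()`. With that predicate still `none()`, the IR keeps the conservative `CallReadSideEffect` next to each new `BufferReadSideEffect` (both appear in the updated `.expected` files on this page), so a reader cannot tell whether the overlap is deliberate or a follow-up is planned. I would add a QLDoc line such as `/** Holds for each pointer parameter: the function reads the buffer it points to. */` and a one-line remark on the `none()`. Because the test is only `instanceof PointerType`, any out-pointer parameter of a function in this class would also be reported as a buffer read; the class's function list lies outside the hunk, so that should be confirmed against it, since these side-effect models feed the data-flow and taint results that security queries rely on.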

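--- a/cpp/ql/test/library-tests/ir/ssa/aliased_ssa_ir.expected
+++ b/cpp/ql/test/library-tests/ir/ssa/aliased_ssa_ir.expected
@@ -850,23 +850,26 @@ ssa.cpp:
 # 199| r199_8(char *) = Convert : r199_7
 # 199| r199_9(int) = Call : func:r199_2, 0:r199_5, 1:r199_8
 # 199| v199_10(void) = ^CallReadSideEffect : ~m198_13
-# 199| m199_11(int) = Store : &:r199_1, r199_9
+# 199| v199_11(void) = ^BufferReadSideEffect[0] : &:r199_5, ~m198_13
+# 199| v199_12(void) = ^BufferReadSideEffect[1] : &:r199_8, ~m198_13
+# 199| m199_13(int) = Store : &:r199_1, r199_9
 # 200| r200_1(glval<unknown>) = FunctionAddress[strlen] :
 # 200| r200_2(glval<char *>) = VariableAddress[str1] :
 # 200| r200_3(char *) = Load : &:r200_2, m198_5
 # 200| r200_4(char *) = Convert : r200_3
 # 200| r200_5(int) = Call : func:r200_1, 0:r200_4
 # 200| v200_6(void) = ^CallReadSideEffect : ~m198_13
-# 200| r200_7(glval<int>) = VariableAddress[ret] :
-# 200| r200_8(int) = Load : &:r200_7, m199_11
-# 200| r200_9(int) = Add : r200_8, r200_5
-# 200| m200_10(int) = Store : &:r200_7, r200_9
+# 200| v200_7(void) = ^BufferReadSideEffect[0] : &:r200_4, ~m198_13
+# 200| r200_8(glval<int>) = VariableAddress[ret] :
+# 200| r200_9(int) = Load : &:r200_8, m199_13
+# 200| r200_10(int) = Add : r200_9, r200_5
+# 200| m200_11(int) = Store : &:r200_8, r200_10
 # 201| r201_1(glval<unknown>) = FunctionAddress[abs] :
 # 201| r201_2(glval<int>) = VariableAddress[x] :
 # 201| r201_3(int) = Load : &:r201_2, m198_15
 # 201| r201_4(int) = Call : func:r201_1, 0:r201_3
 # 201| r201_5(glval<int>) = VariableAddress[ret] :
-# 201| r201_6(int) = Load : &:r201_5, m200_10
+# 201| r201_6(int) = Load : &:r201_5, m200_11
 # 201| r201_7(int) = Add : r201_6, r201_4
 # 201| m201_8(int) = Store : &:r201_5, r201_7
 # 202| r202_1(glval<int>) = VariableAddress[#return] :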

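--- a/cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_ir.expected
+++ b/cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_ir.expected
@@ -808,23 +808,26 @@ ssa.cpp:
 # 199| r199_8(char *) = Convert : r199_7
 # 199| r199_9(int) = Call : func:r199_2, 0:r199_5, 1:r199_8
 # 199| v199_10(void) = ^CallReadSideEffect : ~mu198_3
-# 199| m199_11(int) = Store : &:r199_1, r199_9
+# 199| v199_11(void) = ^BufferReadSideEffect[0] : &:r199_5, ~mu198_3
+# 199| v199_12(void) = ^BufferReadSideEffect[1] : &:r199_8, ~mu198_3
+# 199| m199_13(int) = Store : &:r199_1, r199_9
 # 200| r200_1(glval<unknown>) = FunctionAddress[strlen] :
 # 200| r200_2(glval<char *>) = VariableAddress[str1] :
 # 200| r200_3(char *) = Load : &:r200_2, m198_5
 # 200| r200_4(char *) = Convert : r200_3
 # 200| r200_5(int) = Call : func:r200_1, 0:r200_4
 # 200| v200_6(void) = ^CallReadSideEffect : ~mu198_3
-# 200| r200_7(glval<int>) = VariableAddress[ret] :
-# 200| r200_8(int) = Load : &:r200_7, m199_11
-# 200| r200_9(int) = Add : r200_8, r200_5
-# 200| m200_10(int) = Store : &:r200_7, r200_9
+# 200| v200_7(void) = ^BufferReadSideEffect[0] : &:r200_4, ~mu198_3
+# 200| r200_8(glval<int>) = VariableAddress[ret] :
+# 200| r200_9(int) = Load : &:r200_8, m199_13
+# 200| r200_10(int) = Add : r200_9, r200_5
+# 200| m200_11(int) = Store : &:r200_8, r200_10
 # 201| r201_1(glval<unknown>) = FunctionAddress[abs] :
 # 201| r201_2(glval<int>) = VariableAddress[x] :
 # 201| r201_3(int) = Load : &:r201_2, m198_13
 # 201| r201_4(int) = Call : func:r201_1, 0:r201_3
 # 201| r201_5(glval<int>) = VariableAddress[ret] :
-# 201| r201_6(int) = Load : &:r201_5, m200_10
+# 201| r201_6(int) = Load : &:r201_5, m200_11
 # 201| r201_7(int) = Add : r201_6, r201_4
 # 201| m201_8(int) = Store : &:r201_5, r201_7
 # 202| r202_1(glval<int>) = VariableAddress[#return] :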

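--- a/cpp/ql/test/library-tests/syntax-zoo/raw_sanity.expected
+++ b/cpp/ql/test/library-tests/syntax-zoo/raw_sanity.expected
@@ -108,7 +108,7 @@ instructionWithoutSuccessor
 | stmt_in_type.cpp:5:53:5:53 | Constant: 1 |
 | vla.c:5:9:5:14 | Uninitialized: definition of matrix |
 | vla.c:5:16:5:19 | Load: argc |
-| vla.c:5:22:5:25 | CallReadSideEffect: call to atoi |
+| vla.c:5:27:5:33 | BufferReadSideEffect: (const char *)... |
 | vla.c:11:6:11:16 | UnmodeledDefinition: vla_typedef |
 | vla.c:12:33:12:44 | Add: ... + ... |
 | vla.c:12:50:12:62 | Mul: ... * ... |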
