
Commit fb2804b

committed
CPP: Alter the dataflow case.
1 parent 330972a commit fb2804b

2 files changed

Lines changed: 28 additions & 14 deletions


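--- a/cpp/ql/src/definitions.ql
+++ b/cpp/ql/src/definitions.ql
@@ -1,13 +1,23 @@
-/**
-* @name Jump-to-definition links
-* @description Generates use-definition pairs that provide the data
-* for jump-to-definition in the code viewer.
-* @kind definitions
-* @id cpp/jump-to-definition
-*/
 
-import definitions
+class MyInt extends int {
+MyInt() {
+this in [1 .. 10000]
+}
+}
 
-from Top e, Top def, string kind
-where def = definitionOf(e, kind)
-select e, def, kind
+predicate rel(MyInt x, MyInt y) {
+x = 1 or
+y = 1
+}
+
+from MyInt x
+where
+// 23s (1 result):
+//forall(MyInt y | rel(x, y))
+// 4s (10,000 results):
+exists(MyInt y | rel(x, y))
+// 18s (1 result):
+forall(MyInt y | rel(x, y))
+and
+exists(MyInt y | rel(x, y))
+select x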
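Review bot: The production jump-to-definition query is overwritten here with what looks like a timing experiment. The new side drops the whole metadata header (`@kind definitions`, `@id cpp/jump-to-definition`) and the `definitionOf` select, so nothing would produce the use-definition pairs any more. If the `MyInt`/`rel` benchmark is meant to be kept, it belongs in a separate scratch or test file, with `definitions.ql` restored to its previous content. As rendered, new line 18 (`exists(MyInt y | rel(x, y))`) is also followed directly by `forall(...)` with no connective, which would not compile unless that line was meant to stay commented out like line 16.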

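--- a/cpp/ql/src/semmle/code/cpp/commons/Buffer.qll
+++ b/cpp/ql/src/semmle/code/cpp/commons/Buffer.qll
@@ -48,6 +48,7 @@ predicate memberMayBeVarSize(Class c, MemberVariable v) {
 /**
 * Get the size in bytes of the buffer pointed to by an expression (if this can be determined).
 */
+language[monotonicAggregates]
 int getBufferSize(Expr bufferExpr, Element why) {
 exists(Variable bufferVar | bufferVar = bufferExpr.(VariableAccess).getTarget() |
 (
@@ -82,16 +83,19 @@ int getBufferSize(Expr bufferExpr, Element why) {
 why = bufferExpr
 ) or (
 // dataflow (all sources must be the same size)
-forex(Expr def |
+result = min(Expr def |
 DataFlow::localFlowStep(DataFlow::exprNode(def), DataFlow::exprNode(bufferExpr)) |
-result = getBufferSize(def, _)
+getBufferSize(def, _)
+) and result = max(Expr def |
+DataFlow::localFlowStep(DataFlow::exprNode(def), DataFlow::exprNode(bufferExpr)) |
+getBufferSize(def, _)
 ) and
 
 // find reason
 exists(Expr def |
 DataFlow::localFlowStep(DataFlow::exprNode(def), DataFlow::exprNode(bufferExpr)) |
 why = def or
-result = getBufferSize(def, why)
+exists(getBufferSize(def, why))
 )
 ) or exists(Type bufferType |
 // buffer is the address of a variable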