C++: Add tests for flow through arrays

jbj · jbj · commit 27b8dc2b135b · 2020-09-15T14:19:34.000+02:00
diff --git a/cpp/ql/test/library-tests/dataflow/fields/arrays.cpp b/cpp/ql/test/library-tests/dataflow/fields/arrays.cpp
@@ -0,0 +1,51 @@
+void sink(void *o);
+void *user_input(void);
+
+void local_array() {
+  void *arr[10] = { 0 };
+  arr[0] = user_input();
+  sink(arr[0]); // $ir $f-:ast
+  sink(arr[1]);
+  sink(*arr); // $ir $f-:ast
+  sink(*&arr[0]); // $ir $f-:ast
+}
+
+void local_array_convoluted_assign() {
+  void *arr[10] = { 0 };
+  *&arr[0] = user_input();
+  sink(arr[0]); // $ir $f-:ast
+  sink(arr[1]);
+}
+
+struct inner {
+  void *data;
+  int unrelated;
+};
+
+struct middle {
+  inner arr[10];
+  inner *ptr;
+};
+
+struct outer {
+  middle nested;
+  middle *indirect;
+};
+
+void nested_array_1(outer o) {
+  o.nested.arr[1].data = user_input();
+  sink(o.nested.arr[1].data); // $ir $f-:ast
+  sink(o.nested.arr[0].data);
+}
+
+void nested_array_2(outer o) {
+  o.indirect->arr[1].data = user_input();
+  sink(o.indirect->arr[1].data); // $f-:ast,ir
+  sink(o.indirect->arr[0].data);
+}
+
+void nested_array_3(outer o) {
+  o.indirect->ptr[1].data = user_input();
+  sink(o.indirect->ptr[1].data); // $f-:ast,ir
+  sink(o.indirect->ptr[0].data);
+}
diff --git a/cpp/ql/test/library-tests/dataflow/fields/by_reference.cpp b/cpp/ql/test/library-tests/dataflow/fields/by_reference.cpp
@@ -109,11 +109,11 @@ void test_outer_with_ptr(Outer *pouter) {
 
   sink(outer.inner_nested.a); // $ast,ir
   sink(outer.inner_ptr->a); // $ast $f-:ir
-  sink(outer.a); // $f-:ast $f-:ir
+  sink(outer.a); // $f-:ast,ir
 
   sink(pouter->inner_nested.a); // $ast,ir
   sink(pouter->inner_ptr->a); // $ast $f-:ir
-  sink(pouter->a); // $f-:ast $f-:ir
+  sink(pouter->a); // $f-:ast,ir
 }
 
 void test_outer_with_ref(Outer *pouter) {
diff --git a/cpp/ql/test/library-tests/dataflow/fields/dataflow-consistency.expected b/cpp/ql/test/library-tests/dataflow/fields/dataflow-consistency.expected
@@ -30,6 +30,12 @@ argHasPostUpdate
 | D.cpp:43:24:43:40 | new | ArgumentNode is missing PostUpdateNode. |
 | D.cpp:50:24:50:40 | new | ArgumentNode is missing PostUpdateNode. |
 | D.cpp:57:25:57:41 | new | ArgumentNode is missing PostUpdateNode. |
+| arrays.cpp:7:8:7:13 | access to array | ArgumentNode is missing PostUpdateNode. |
+| arrays.cpp:8:8:8:13 | access to array | ArgumentNode is missing PostUpdateNode. |
+| arrays.cpp:9:8:9:11 | * ... | ArgumentNode is missing PostUpdateNode. |
+| arrays.cpp:10:8:10:15 | * ... | ArgumentNode is missing PostUpdateNode. |
+| arrays.cpp:16:8:16:13 | access to array | ArgumentNode is missing PostUpdateNode. |
+| arrays.cpp:17:8:17:13 | access to array | ArgumentNode is missing PostUpdateNode. |
 | by_reference.cpp:51:8:51:8 | s | ArgumentNode is missing PostUpdateNode. |
 | by_reference.cpp:57:8:57:8 | s | ArgumentNode is missing PostUpdateNode. |
 | by_reference.cpp:63:8:63:8 | s | ArgumentNode is missing PostUpdateNode. |
diff --git a/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected b/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected
@@ -1,13 +1,14 @@
 uniqueEnclosingCallable
 uniqueType
 uniqueNodeLocation
-| D.cpp:1:17:1:17 | o | Node should have one location but has 3. |
-| by_reference.cpp:1:17:1:17 | o | Node should have one location but has 3. |
+| D.cpp:1:17:1:17 | o | Node should have one location but has 4. |
+| arrays.cpp:1:17:1:17 | o | Node should have one location but has 4. |
+| by_reference.cpp:1:17:1:17 | o | Node should have one location but has 4. |
 | file://:0:0:0:0 | p#0 | Node should have one location but has 0. |
 | file://:0:0:0:0 | p#0 | Node should have one location but has 0. |
 | file://:0:0:0:0 | p#0 | Node should have one location but has 0. |
 | file://:0:0:0:0 | p#0 | Node should have one location but has 0. |
-| qualifiers.cpp:1:17:1:17 | o | Node should have one location but has 3. |
+| qualifiers.cpp:1:17:1:17 | o | Node should have one location but has 4. |
 missingLocation
 | Nodes without location: 4 |
 uniqueNodeToString
diff --git a/cpp/ql/test/library-tests/dataflow/fields/flow-diff.expected b/cpp/ql/test/library-tests/dataflow/fields/flow-diff.expected
@@ -21,6 +21,11 @@
 | aliasing.cpp:79:11:79:20 | call to user_input | aliasing.cpp:80:12:80:13 | m1 | IR only |
 | aliasing.cpp:86:10:86:19 | call to user_input | aliasing.cpp:87:12:87:13 | m1 | IR only |
 | aliasing.cpp:98:10:98:19 | call to user_input | aliasing.cpp:102:8:102:10 | * ... | IR only |
+| arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:7:8:7:13 | access to array | IR only |
+| arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:9:8:9:11 | * ... | IR only |
+| arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:10:8:10:15 | * ... | IR only |
+| arrays.cpp:15:14:15:23 | call to user_input | arrays.cpp:16:8:16:13 | access to array | IR only |
+| arrays.cpp:36:26:36:35 | call to user_input | arrays.cpp:37:24:37:27 | data | IR only |
 | by_reference.cpp:84:14:84:23 | call to user_input | by_reference.cpp:111:25:111:25 | a | AST only |
 | by_reference.cpp:84:14:84:23 | call to user_input | by_reference.cpp:115:27:115:27 | a | AST only |
 | by_reference.cpp:88:13:88:22 | call to user_input | by_reference.cpp:131:25:131:25 | a | AST only |
diff --git a/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected b/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected
@@ -64,6 +64,11 @@ edges
 | aliasing.cpp:98:3:98:21 | Store | aliasing.cpp:98:3:98:21 | Chi [m1] |
 | aliasing.cpp:98:10:98:19 | call to user_input | aliasing.cpp:98:3:98:21 | Store |
 | aliasing.cpp:100:14:100:14 | Store [m1] | aliasing.cpp:102:8:102:10 | * ... |
+| arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:7:8:7:13 | access to array |
+| arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:9:8:9:11 | * ... |
+| arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:10:8:10:15 | * ... |
+| arrays.cpp:15:14:15:23 | call to user_input | arrays.cpp:16:8:16:13 | access to array |
+| arrays.cpp:36:26:36:35 | call to user_input | arrays.cpp:37:24:37:27 | data |
 | by_reference.cpp:50:3:50:3 | setDirectly output argument [a] | by_reference.cpp:51:8:51:8 | Argument -1 indirection [a] |
 | by_reference.cpp:50:17:50:26 | call to user_input | by_reference.cpp:50:3:50:3 | setDirectly output argument [a] |
 | by_reference.cpp:51:8:51:8 | Argument -1 indirection [a] | by_reference.cpp:51:10:51:20 | call to getDirectly |
@@ -256,6 +261,14 @@ nodes
 | aliasing.cpp:98:10:98:19 | call to user_input | semmle.label | call to user_input |
 | aliasing.cpp:100:14:100:14 | Store [m1] | semmle.label | Store [m1] |
 | aliasing.cpp:102:8:102:10 | * ... | semmle.label | * ... |
+| arrays.cpp:6:12:6:21 | call to user_input | semmle.label | call to user_input |
+| arrays.cpp:7:8:7:13 | access to array | semmle.label | access to array |
+| arrays.cpp:9:8:9:11 | * ... | semmle.label | * ... |
+| arrays.cpp:10:8:10:15 | * ... | semmle.label | * ... |
+| arrays.cpp:15:14:15:23 | call to user_input | semmle.label | call to user_input |
+| arrays.cpp:16:8:16:13 | access to array | semmle.label | access to array |
+| arrays.cpp:36:26:36:35 | call to user_input | semmle.label | call to user_input |
+| arrays.cpp:37:24:37:27 | data | semmle.label | data |
 | by_reference.cpp:50:3:50:3 | setDirectly output argument [a] | semmle.label | setDirectly output argument [a] |
 | by_reference.cpp:50:17:50:26 | call to user_input | semmle.label | call to user_input |
 | by_reference.cpp:51:8:51:8 | Argument -1 indirection [a] | semmle.label | Argument -1 indirection [a] |
@@ -395,6 +408,11 @@ nodes
 | aliasing.cpp:87:12:87:13 | m1 | aliasing.cpp:86:10:86:19 | call to user_input | aliasing.cpp:87:12:87:13 | m1 | m1 flows from $@ | aliasing.cpp:86:10:86:19 | call to user_input | call to user_input |
 | aliasing.cpp:93:12:93:13 | m1 | aliasing.cpp:92:12:92:21 | call to user_input | aliasing.cpp:93:12:93:13 | m1 | m1 flows from $@ | aliasing.cpp:92:12:92:21 | call to user_input | call to user_input |
 | aliasing.cpp:102:8:102:10 | * ... | aliasing.cpp:98:10:98:19 | call to user_input | aliasing.cpp:102:8:102:10 | * ... | * ... flows from $@ | aliasing.cpp:98:10:98:19 | call to user_input | call to user_input |
+| arrays.cpp:7:8:7:13 | access to array | arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:7:8:7:13 | access to array | access to array flows from $@ | arrays.cpp:6:12:6:21 | call to user_input | call to user_input |
+| arrays.cpp:9:8:9:11 | * ... | arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:9:8:9:11 | * ... | * ... flows from $@ | arrays.cpp:6:12:6:21 | call to user_input | call to user_input |
+| arrays.cpp:10:8:10:15 | * ... | arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:10:8:10:15 | * ... | * ... flows from $@ | arrays.cpp:6:12:6:21 | call to user_input | call to user_input |
+| arrays.cpp:16:8:16:13 | access to array | arrays.cpp:15:14:15:23 | call to user_input | arrays.cpp:16:8:16:13 | access to array | access to array flows from $@ | arrays.cpp:15:14:15:23 | call to user_input | call to user_input |
+| arrays.cpp:37:24:37:27 | data | arrays.cpp:36:26:36:35 | call to user_input | arrays.cpp:37:24:37:27 | data | data flows from $@ | arrays.cpp:36:26:36:35 | call to user_input | call to user_input |
 | by_reference.cpp:51:10:51:20 | call to getDirectly | by_reference.cpp:50:17:50:26 | call to user_input | by_reference.cpp:51:10:51:20 | call to getDirectly | call to getDirectly flows from $@ | by_reference.cpp:50:17:50:26 | call to user_input | call to user_input |
 | by_reference.cpp:57:10:57:22 | call to getIndirectly | by_reference.cpp:56:19:56:28 | call to user_input | by_reference.cpp:57:10:57:22 | call to getIndirectly | call to getIndirectly flows from $@ | by_reference.cpp:56:19:56:28 | call to user_input | call to user_input |
 | by_reference.cpp:63:10:63:28 | call to getThroughNonMember | by_reference.cpp:62:25:62:34 | call to user_input | by_reference.cpp:63:10:63:28 | call to getThroughNonMember | call to getThroughNonMember flows from $@ | by_reference.cpp:62:25:62:34 | call to user_input | call to user_input |
diff --git a/cpp/ql/test/library-tests/dataflow/fields/partial-definition-diff.expected b/cpp/ql/test/library-tests/dataflow/fields/partial-definition-diff.expected
@@ -158,6 +158,41 @@
 | aliasing.cpp:92:3:92:3 | w | AST only |
 | aliasing.cpp:92:7:92:8 | m1 | AST only |
 | aliasing.cpp:98:5:98:6 | m1 | AST only |
+| arrays.cpp:36:3:36:3 | o | AST only |
+| arrays.cpp:36:5:36:10 | nested | AST only |
+| arrays.cpp:36:19:36:22 | data | AST only |
+| arrays.cpp:37:8:37:8 | o | AST only |
+| arrays.cpp:37:8:37:22 | access to array | AST only |
+| arrays.cpp:37:10:37:15 | nested | AST only |
+| arrays.cpp:37:24:37:27 | data | AST only |
+| arrays.cpp:38:8:38:8 | o | AST only |
+| arrays.cpp:38:8:38:22 | access to array | AST only |
+| arrays.cpp:38:10:38:15 | nested | AST only |
+| arrays.cpp:38:24:38:27 | data | AST only |
+| arrays.cpp:42:3:42:3 | o | AST only |
+| arrays.cpp:42:3:42:20 | access to array | AST only |
+| arrays.cpp:42:5:42:12 | indirect | AST only |
+| arrays.cpp:42:22:42:25 | data | AST only |
+| arrays.cpp:43:8:43:8 | o | AST only |
+| arrays.cpp:43:8:43:25 | access to array | AST only |
+| arrays.cpp:43:10:43:17 | indirect | AST only |
+| arrays.cpp:43:27:43:30 | data | AST only |
+| arrays.cpp:44:8:44:8 | o | AST only |
+| arrays.cpp:44:8:44:25 | access to array | AST only |
+| arrays.cpp:44:10:44:17 | indirect | AST only |
+| arrays.cpp:44:27:44:30 | data | AST only |
+| arrays.cpp:48:3:48:3 | o | AST only |
+| arrays.cpp:48:3:48:20 | access to array | AST only |
+| arrays.cpp:48:5:48:12 | indirect | AST only |
+| arrays.cpp:48:22:48:25 | data | AST only |
+| arrays.cpp:49:8:49:8 | o | AST only |
+| arrays.cpp:49:8:49:25 | access to array | AST only |
+| arrays.cpp:49:10:49:17 | indirect | AST only |
+| arrays.cpp:49:27:49:30 | data | AST only |
+| arrays.cpp:50:8:50:8 | o | AST only |
+| arrays.cpp:50:8:50:25 | access to array | AST only |
+| arrays.cpp:50:10:50:17 | indirect | AST only |
+| arrays.cpp:50:27:50:30 | data | AST only |
 | by_reference.cpp:12:8:12:8 | a | AST only |
 | by_reference.cpp:16:11:16:11 | a | AST only |
 | by_reference.cpp:20:5:20:8 | this | AST only |
diff --git a/cpp/ql/test/library-tests/dataflow/fields/partial-definition-ir.expected b/cpp/ql/test/library-tests/dataflow/fields/partial-definition-ir.expected
@@ -27,6 +27,7 @@
 | aliasing.cpp:86:3:86:3 | s |
 | aliasing.cpp:92:5:92:5 | s |
 | aliasing.cpp:98:3:98:3 | s |
+| arrays.cpp:36:3:36:17 | access to array |
 | by_reference.cpp:12:5:12:5 | s |
 | by_reference.cpp:16:5:16:8 | this |
 | by_reference.cpp:84:3:84:7 | inner |
diff --git a/cpp/ql/test/library-tests/dataflow/fields/partial-definition.expected b/cpp/ql/test/library-tests/dataflow/fields/partial-definition.expected
@@ -187,6 +187,42 @@
 | aliasing.cpp:92:7:92:8 | m1 |
 | aliasing.cpp:98:3:98:3 | s |
 | aliasing.cpp:98:5:98:6 | m1 |
+| arrays.cpp:36:3:36:3 | o |
+| arrays.cpp:36:3:36:17 | access to array |
+| arrays.cpp:36:5:36:10 | nested |
+| arrays.cpp:36:19:36:22 | data |
+| arrays.cpp:37:8:37:8 | o |
+| arrays.cpp:37:8:37:22 | access to array |
+| arrays.cpp:37:10:37:15 | nested |
+| arrays.cpp:37:24:37:27 | data |
+| arrays.cpp:38:8:38:8 | o |
+| arrays.cpp:38:8:38:22 | access to array |
+| arrays.cpp:38:10:38:15 | nested |
+| arrays.cpp:38:24:38:27 | data |
+| arrays.cpp:42:3:42:3 | o |
+| arrays.cpp:42:3:42:20 | access to array |
+| arrays.cpp:42:5:42:12 | indirect |
+| arrays.cpp:42:22:42:25 | data |
+| arrays.cpp:43:8:43:8 | o |
+| arrays.cpp:43:8:43:25 | access to array |
+| arrays.cpp:43:10:43:17 | indirect |
+| arrays.cpp:43:27:43:30 | data |
+| arrays.cpp:44:8:44:8 | o |
+| arrays.cpp:44:8:44:25 | access to array |
+| arrays.cpp:44:10:44:17 | indirect |
+| arrays.cpp:44:27:44:30 | data |
+| arrays.cpp:48:3:48:3 | o |
+| arrays.cpp:48:3:48:20 | access to array |
+| arrays.cpp:48:5:48:12 | indirect |
+| arrays.cpp:48:22:48:25 | data |
+| arrays.cpp:49:8:49:8 | o |
+| arrays.cpp:49:8:49:25 | access to array |
+| arrays.cpp:49:10:49:17 | indirect |
+| arrays.cpp:49:27:49:30 | data |
+| arrays.cpp:50:8:50:8 | o |
+| arrays.cpp:50:8:50:25 | access to array |
+| arrays.cpp:50:10:50:17 | indirect |
+| arrays.cpp:50:27:50:30 | data |
 | by_reference.cpp:12:5:12:5 | s |
 | by_reference.cpp:12:8:12:8 | a |
 | by_reference.cpp:16:5:16:8 | this |
