Merge pull request #2598 from geoffw0/av114_asm

Dave Bartolomeo · web-flow · commit 3072e9c7dadb · 2020-01-07T09:04:14.000-07:00
CPP: Exclude functions containing asm from cpp/missing-return
diff --git a/change-notes/1.24/analysis-cpp.md b/change-notes/1.24/analysis-cpp.md
@@ -17,6 +17,7 @@ The following changes in version 1.24 affect C/C++ analysis in all applications.
 | No space for zero terminator (`cpp/no-space-for-terminator`) | More true positive results | This query now identifies a wider variety of buffer allocations using the `semmle.code.cpp.models.interfaces.Allocation` library. |
 | Memory is never freed (`cpp/memory-never-freed`) | More true positive results | This query now identifies a wider variety of buffer allocations using the `semmle.code.cpp.models.interfaces.Allocation` library. |
 | Memory may not be freed (`cpp/memory-may-not-be-freed`) | More true positive results | This query now identifies a wider variety of buffer allocations using the `semmle.code.cpp.models.interfaces.Allocation` library. |
+| Missing return statement (`cpp/missing-return`) | Fewer false positive results | Functions containing `asm` statements are no longer highlighted by this query. |
 | Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) |  | This query is no longer run on LGTM. |
 | No space for zero terminator (`cpp/no-space-for-terminator`) | Fewer false positive results | This query has been modified to be more conservative when identifying which pointers point to null-terminated strings.  This approach produces fewer, more accurate results. |
 | Unsafe array for days of the year (`cpp/leap-year/unsafe-array-for-days-of-the-year`) |  | This query is no longer run on LGTM. |
diff --git a/cpp/ql/src/jsf/4.13 Functions/AV Rule 114.ql b/cpp/ql/src/jsf/4.13 Functions/AV Rule 114.ql
@@ -46,6 +46,10 @@ predicate functionImperfectlyExtracted(Function f) {
   exists(ErrorExpr ee | ee.getEnclosingFunction() = f)
   or
   count(f.getType()) > 1
+  or
+  // an `AsmStmt` isn't strictly 'imperfectly extracted', but it's beyond the scope
+  // of this analysis.
+  exists(AsmStmt asm | asm.getEnclosingFunction() = f)
 }
 
 from Stmt stmt, string msg, Function f, ControlFlowNode blame
diff --git a/cpp/ql/test/query-tests/jsf/4.13 Functions/AV Rule 114/test.c b/cpp/ql/test/query-tests/jsf/4.13 Functions/AV Rule 114/test.c
@@ -94,3 +94,8 @@ void f13_func(int x)
 {
 	if (x < 10) return; // GOOD
 }
+
+int f14()
+{
+	__asm__("rdtsc"); // GOOD
+}

Original file line number	Diff line number	Diff line change
`@@ -94,3 +94,8 @@ void f13_func(int x)`
`94`	`94`	`{`
`95`	`95`	`if (x < 10) return; // GOOD`
`96`	`96`	`}`
	`97`	`+`
	`98`	`+int f14()`
	`99`	`+{`
	`100`	`+ __asm__("rdtsc"); // GOOD`
	`101`	`+}`