C++: respond to PR comments

Robert Marsh · Robert Marsh · commit c195420ba103 · 2019-07-11T11:00:52.000-07:00
diff --git a/cpp/ql/src/semmle/code/cpp/models/implementations/Pure.qll b/cpp/ql/src/semmle/code/cpp/models/implementations/Pure.qll
@@ -6,7 +6,7 @@ import semmle.code.cpp.models.interfaces.SideEffect
 class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunction,  SideEffectFunction {
   PureStrFunction() {
     exists(string name |
-      hasName(name) and
+      hasGlobalName(name) and
       (
         name = "atof"
         or name = "atoi"
@@ -41,29 +41,28 @@ class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunction,  Side
   
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
     exists (ParameterIndex i |
-      input.isInParameter(i) or
-      (
-        input.isInParameterPointer(i) and
-        getParameter(i).getUnspecifiedType() instanceof PointerType
-      )
+      input.isInParameter(i) and
+      exists(getParameter(i))
+      or
+      input.isInParameterPointer(i) and
+      getParameter(i).getUnspecifiedType() instanceof PointerType
     ) and
     (
-      output.isOutReturnValue() or
-      output.isOutReturnPointer()
+      output.isOutReturnPointer() and
+      getUnspecifiedType() instanceof PointerType
+      or
+      output.isOutReturnValue()
     )
   }
 
   override predicate parameterNeverEscapes(int i) {
     getParameter(i).getUnspecifiedType() instanceof PointerType and
-    not (
-      i = 0 and
-      getType().getUnspecifiedType() instanceof PointerType
-    )
+    not parameterEscapesOnlyViaReturn(i)
   }
 
   override predicate parameterEscapesOnlyViaReturn(int i) {
     i = 0 and
-    getType().getUnspecifiedType() instanceof PointerType
+    getUnspecifiedType() instanceof PointerType
   }
 
   override predicate parameterIsAlwaysReturned(int i) {
@@ -82,7 +81,7 @@ class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunction,  Side
 class PureFunction extends TaintFunction, SideEffectFunction {
   PureFunction() {
     exists(string name |
-      hasName(name) and
+      hasGlobalName(name) and
       (
         name = "abs" or
         name = "labs"
@@ -92,7 +91,8 @@ class PureFunction extends TaintFunction, SideEffectFunction {
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
     exists (ParameterIndex i |
-      input.isInParameter(i)
+      input.isInParameter(i) and
+      exists(getParameter(i))
     ) and
     output.isOutReturnValue()
   }
diff --git a/cpp/ql/test/library-tests/ir/ssa/aliased_ssa_ir.expected b/cpp/ql/test/library-tests/ir/ssa/aliased_ssa_ir.expected
@@ -759,41 +759,51 @@ ssa.cpp:
 #  184|     v0_23(void)                  = UnmodeledUse           : mu*
 #  184|     v0_24(void)                  = ExitFunction           : 
 
-#  197| int PureFunctions(char*, char*, int)
-#  197|   Block 0
-#  197|     v0_0(void)            = EnterFunction             : 
-#  197|     m0_1(unknown)         = AliasedDefinition         : 
-#  197|     mu0_2(unknown)        = UnmodeledDefinition       : 
-#  197|     r0_3(glval<char *>)   = VariableAddress[str1]     : 
-#  197|     m0_4(char *)          = InitializeParameter[str1] : &:r0_3
-#  197|     r0_5(glval<char *>)   = VariableAddress[str2]     : 
-#  197|     m0_6(char *)          = InitializeParameter[str2] : &:r0_5
-#  197|     r0_7(glval<int>)      = VariableAddress[x]        : 
-#  197|     m0_8(int)             = InitializeParameter[x]    : &:r0_7
-#  198|     r0_9(glval<int>)      = VariableAddress[ret]      : 
-#  198|     r0_10(glval<unknown>) = FunctionAddress[strcmp]   : 
-#  198|     r0_11(glval<char *>)  = VariableAddress[str1]     : 
-#  198|     r0_12(char *)         = Load                      : &:r0_11, m0_4
-#  198|     r0_13(char *)         = Convert                   : r0_12
-#  198|     r0_14(glval<char *>)  = VariableAddress[str2]     : 
-#  198|     r0_15(char *)         = Load                      : &:r0_14, m0_6
-#  198|     r0_16(char *)         = Convert                   : r0_15
-#  198|     r0_17(int)            = Call                      : func:r0_10, 0:r0_13, 1:r0_16
-#  198|     v0_18(void)           = ^CallReadSideEffect       : ~m0_1
-#  198|     m0_19(int)            = Store                     : &:r0_9, r0_17
-#  199|     r0_20(glval<unknown>) = FunctionAddress[abs]      : 
-#  199|     r0_21(glval<int>)     = VariableAddress[x]        : 
-#  199|     r0_22(int)            = Load                      : &:r0_21, m0_8
-#  199|     r0_23(int)            = Call                      : func:r0_20, 0:r0_22
-#  199|     r0_24(glval<int>)     = VariableAddress[ret]      : 
-#  199|     r0_25(int)            = Load                      : &:r0_24, m0_19
-#  199|     r0_26(int)            = Add                       : r0_25, r0_23
-#  199|     m0_27(int)            = Store                     : &:r0_24, r0_26
-#  200|     r0_28(glval<int>)     = VariableAddress[#return]  : 
-#  200|     r0_29(glval<int>)     = VariableAddress[ret]      : 
-#  200|     r0_30(int)            = Load                      : &:r0_29, m0_27
-#  200|     m0_31(int)            = Store                     : &:r0_28, r0_30
-#  197|     r0_32(glval<int>)     = VariableAddress[#return]  : 
-#  197|     v0_33(void)           = ReturnValue               : &:r0_32, m0_31
-#  197|     v0_34(void)           = UnmodeledUse              : mu*
-#  197|     v0_35(void)           = ExitFunction              : 
+#  198| int PureFunctions(char*, char*, int)
+#  198|   Block 0
+#  198|     v0_0(void)            = EnterFunction             : 
+#  198|     m0_1(unknown)         = AliasedDefinition         : 
+#  198|     mu0_2(unknown)        = UnmodeledDefinition       : 
+#  198|     r0_3(glval<char *>)   = VariableAddress[str1]     : 
+#  198|     m0_4(char *)          = InitializeParameter[str1] : &:r0_3
+#  198|     r0_5(glval<char *>)   = VariableAddress[str2]     : 
+#  198|     m0_6(char *)          = InitializeParameter[str2] : &:r0_5
+#  198|     r0_7(glval<int>)      = VariableAddress[x]        : 
+#  198|     m0_8(int)             = InitializeParameter[x]    : &:r0_7
+#  199|     r0_9(glval<int>)      = VariableAddress[ret]      : 
+#  199|     r0_10(glval<unknown>) = FunctionAddress[strcmp]   : 
+#  199|     r0_11(glval<char *>)  = VariableAddress[str1]     : 
+#  199|     r0_12(char *)         = Load                      : &:r0_11, m0_4
+#  199|     r0_13(char *)         = Convert                   : r0_12
+#  199|     r0_14(glval<char *>)  = VariableAddress[str2]     : 
+#  199|     r0_15(char *)         = Load                      : &:r0_14, m0_6
+#  199|     r0_16(char *)         = Convert                   : r0_15
+#  199|     r0_17(int)            = Call                      : func:r0_10, 0:r0_13, 1:r0_16
+#  199|     v0_18(void)           = ^CallReadSideEffect       : ~m0_1
+#  199|     m0_19(int)            = Store                     : &:r0_9, r0_17
+#  200|     r0_20(glval<unknown>) = FunctionAddress[strlen]   : 
+#  200|     r0_21(glval<char *>)  = VariableAddress[str1]     : 
+#  200|     r0_22(char *)         = Load                      : &:r0_21, m0_4
+#  200|     r0_23(char *)         = Convert                   : r0_22
+#  200|     r0_24(int)            = Call                      : func:r0_20, 0:r0_23
+#  200|     v0_25(void)           = ^CallReadSideEffect       : ~m0_1
+#  200|     r0_26(glval<int>)     = VariableAddress[ret]      : 
+#  200|     r0_27(int)            = Load                      : &:r0_26, m0_19
+#  200|     r0_28(int)            = Add                       : r0_27, r0_24
+#  200|     m0_29(int)            = Store                     : &:r0_26, r0_28
+#  201|     r0_30(glval<unknown>) = FunctionAddress[abs]      : 
+#  201|     r0_31(glval<int>)     = VariableAddress[x]        : 
+#  201|     r0_32(int)            = Load                      : &:r0_31, m0_8
+#  201|     r0_33(int)            = Call                      : func:r0_30, 0:r0_32
+#  201|     r0_34(glval<int>)     = VariableAddress[ret]      : 
+#  201|     r0_35(int)            = Load                      : &:r0_34, m0_29
+#  201|     r0_36(int)            = Add                       : r0_35, r0_33
+#  201|     m0_37(int)            = Store                     : &:r0_34, r0_36
+#  202|     r0_38(glval<int>)     = VariableAddress[#return]  : 
+#  202|     r0_39(glval<int>)     = VariableAddress[ret]      : 
+#  202|     r0_40(int)            = Load                      : &:r0_39, m0_37
+#  202|     m0_41(int)            = Store                     : &:r0_38, r0_40
+#  198|     r0_42(glval<int>)     = VariableAddress[#return]  : 
+#  198|     v0_43(void)           = ReturnValue               : &:r0_42, m0_41
+#  198|     v0_44(void)           = UnmodeledUse              : mu*
+#  198|     v0_45(void)           = ExitFunction              : 
diff --git a/cpp/ql/test/library-tests/ir/ssa/ssa.cpp b/cpp/ql/test/library-tests/ir/ssa/ssa.cpp
@@ -192,10 +192,12 @@ static void AsmStmtWithOutputs(unsigned int& a, unsigned int& b, unsigned int& c
 }
 
 int strcmp(const char *, const char *);
+int strlen(const char *);
 int abs(int);
 
 int PureFunctions(char *str1, char *str2, int x) {
   int ret = strcmp(str1, str2);
+  ret += strlen(str1);
   ret += abs(x);
   return ret;
 }
diff --git a/cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_ir.expected b/cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_ir.expected
@@ -725,41 +725,51 @@ ssa.cpp:
 #  184|     v0_18(void)                  = UnmodeledUse           : mu*
 #  184|     v0_19(void)                  = ExitFunction           : 
 
-#  197| int PureFunctions(char*, char*, int)
-#  197|   Block 0
-#  197|     v0_0(void)            = EnterFunction             : 
-#  197|     mu0_1(unknown)        = AliasedDefinition         : 
-#  197|     mu0_2(unknown)        = UnmodeledDefinition       : 
-#  197|     r0_3(glval<char *>)   = VariableAddress[str1]     : 
-#  197|     m0_4(char *)          = InitializeParameter[str1] : &:r0_3
-#  197|     r0_5(glval<char *>)   = VariableAddress[str2]     : 
-#  197|     m0_6(char *)          = InitializeParameter[str2] : &:r0_5
-#  197|     r0_7(glval<int>)      = VariableAddress[x]        : 
-#  197|     m0_8(int)             = InitializeParameter[x]    : &:r0_7
-#  198|     r0_9(glval<int>)      = VariableAddress[ret]      : 
-#  198|     r0_10(glval<unknown>) = FunctionAddress[strcmp]   : 
-#  198|     r0_11(glval<char *>)  = VariableAddress[str1]     : 
-#  198|     r0_12(char *)         = Load                      : &:r0_11, m0_4
-#  198|     r0_13(char *)         = Convert                   : r0_12
-#  198|     r0_14(glval<char *>)  = VariableAddress[str2]     : 
-#  198|     r0_15(char *)         = Load                      : &:r0_14, m0_6
-#  198|     r0_16(char *)         = Convert                   : r0_15
-#  198|     r0_17(int)            = Call                      : func:r0_10, 0:r0_13, 1:r0_16
-#  198|     v0_18(void)           = ^CallReadSideEffect       : ~mu0_2
-#  198|     m0_19(int)            = Store                     : &:r0_9, r0_17
-#  199|     r0_20(glval<unknown>) = FunctionAddress[abs]      : 
-#  199|     r0_21(glval<int>)     = VariableAddress[x]        : 
-#  199|     r0_22(int)            = Load                      : &:r0_21, m0_8
-#  199|     r0_23(int)            = Call                      : func:r0_20, 0:r0_22
-#  199|     r0_24(glval<int>)     = VariableAddress[ret]      : 
-#  199|     r0_25(int)            = Load                      : &:r0_24, m0_19
-#  199|     r0_26(int)            = Add                       : r0_25, r0_23
-#  199|     m0_27(int)            = Store                     : &:r0_24, r0_26
-#  200|     r0_28(glval<int>)     = VariableAddress[#return]  : 
-#  200|     r0_29(glval<int>)     = VariableAddress[ret]      : 
-#  200|     r0_30(int)            = Load                      : &:r0_29, m0_27
-#  200|     m0_31(int)            = Store                     : &:r0_28, r0_30
-#  197|     r0_32(glval<int>)     = VariableAddress[#return]  : 
-#  197|     v0_33(void)           = ReturnValue               : &:r0_32, m0_31
-#  197|     v0_34(void)           = UnmodeledUse              : mu*
-#  197|     v0_35(void)           = ExitFunction              : 
+#  198| int PureFunctions(char*, char*, int)
+#  198|   Block 0
+#  198|     v0_0(void)            = EnterFunction             : 
+#  198|     mu0_1(unknown)        = AliasedDefinition         : 
+#  198|     mu0_2(unknown)        = UnmodeledDefinition       : 
+#  198|     r0_3(glval<char *>)   = VariableAddress[str1]     : 
+#  198|     m0_4(char *)          = InitializeParameter[str1] : &:r0_3
+#  198|     r0_5(glval<char *>)   = VariableAddress[str2]     : 
+#  198|     m0_6(char *)          = InitializeParameter[str2] : &:r0_5
+#  198|     r0_7(glval<int>)      = VariableAddress[x]        : 
+#  198|     m0_8(int)             = InitializeParameter[x]    : &:r0_7
+#  199|     r0_9(glval<int>)      = VariableAddress[ret]      : 
+#  199|     r0_10(glval<unknown>) = FunctionAddress[strcmp]   : 
+#  199|     r0_11(glval<char *>)  = VariableAddress[str1]     : 
+#  199|     r0_12(char *)         = Load                      : &:r0_11, m0_4
+#  199|     r0_13(char *)         = Convert                   : r0_12
+#  199|     r0_14(glval<char *>)  = VariableAddress[str2]     : 
+#  199|     r0_15(char *)         = Load                      : &:r0_14, m0_6
+#  199|     r0_16(char *)         = Convert                   : r0_15
+#  199|     r0_17(int)            = Call                      : func:r0_10, 0:r0_13, 1:r0_16
+#  199|     v0_18(void)           = ^CallReadSideEffect       : ~mu0_2
+#  199|     m0_19(int)            = Store                     : &:r0_9, r0_17
+#  200|     r0_20(glval<unknown>) = FunctionAddress[strlen]   : 
+#  200|     r0_21(glval<char *>)  = VariableAddress[str1]     : 
+#  200|     r0_22(char *)         = Load                      : &:r0_21, m0_4
+#  200|     r0_23(char *)         = Convert                   : r0_22
+#  200|     r0_24(int)            = Call                      : func:r0_20, 0:r0_23
+#  200|     v0_25(void)           = ^CallReadSideEffect       : ~mu0_2
+#  200|     r0_26(glval<int>)     = VariableAddress[ret]      : 
+#  200|     r0_27(int)            = Load                      : &:r0_26, m0_19
+#  200|     r0_28(int)            = Add                       : r0_27, r0_24
+#  200|     m0_29(int)            = Store                     : &:r0_26, r0_28
+#  201|     r0_30(glval<unknown>) = FunctionAddress[abs]      : 
+#  201|     r0_31(glval<int>)     = VariableAddress[x]        : 
+#  201|     r0_32(int)            = Load                      : &:r0_31, m0_8
+#  201|     r0_33(int)            = Call                      : func:r0_30, 0:r0_32
+#  201|     r0_34(glval<int>)     = VariableAddress[ret]      : 
+#  201|     r0_35(int)            = Load                      : &:r0_34, m0_29
+#  201|     r0_36(int)            = Add                       : r0_35, r0_33
+#  201|     m0_37(int)            = Store                     : &:r0_34, r0_36
+#  202|     r0_38(glval<int>)     = VariableAddress[#return]  : 
+#  202|     r0_39(glval<int>)     = VariableAddress[ret]      : 
+#  202|     r0_40(int)            = Load                      : &:r0_39, m0_37
+#  202|     m0_41(int)            = Store                     : &:r0_38, r0_40
+#  198|     r0_42(glval<int>)     = VariableAddress[#return]  : 
+#  198|     v0_43(void)           = ReturnValue               : &:r0_42, m0_41
+#  198|     v0_44(void)           = UnmodeledUse              : mu*
+#  198|     v0_45(void)           = ExitFunction              : 

Original file line number	Diff line number	Diff line change
`@@ -192,10 +192,12 @@ static void AsmStmtWithOutputs(unsigned int& a, unsigned int& b, unsigned int& c`
`192`	`192`	`}`
`193`	`193`
`194`	`194`	`int strcmp(const char , const char );`
	`195`	`+int strlen(const char *);`
`195`	`196`	`int abs(int);`
`196`	`197`
`197`	`198`	`int PureFunctions(char str1, char str2, int x) {`
`198`	`199`	`int ret = strcmp(str1, str2);`
	`200`	`+ ret += strlen(str1);`
`199`	`201`	`ret += abs(x);`
`200`	`202`	`return ret;`
`201`	`203`	`}`