CPP: Fix FPs.

geoffw0 · geoffw0 · commit cf194219b960 · 2019-07-15T14:58:35.000+01:00
diff --git a/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql b/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql
@@ -322,9 +322,11 @@ class LoopWithAlloca extends Stmt {
   }
 }
 
-from LoopWithAlloca l
+from LoopWithAlloca l, AllocaCall alloc
 where
   not l.(DoStmt).getCondition().getValue() = "0" and
-  not l.isTightlyBounded()
-select l.getAnAllocaCall(), "Stack allocation is inside a $@ loop.", l,
+  not l.isTightlyBounded() and
+  alloc = l.getAnAllocaCall() and
+  alloc.getASuccessor*() = l.(Loop).getStmt()
+select alloc, "Stack allocation is inside a $@ loop.", l,
   l.toString()
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/AllocaInLoop/AllocaInLoop.expected b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/AllocaInLoop/AllocaInLoop.expected
@@ -1,9 +1,7 @@
 | AllocaInLoop1.cpp:31:18:31:23 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | AllocaInLoop1.cpp:22:2:39:2 | for(...;...;...) ... | for(...;...;...) ... |
 | AllocaInLoop1.cpp:55:19:55:24 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | AllocaInLoop1.cpp:45:2:64:2 | for(...;...;...) ... | for(...;...;...) ... |
 | AllocaInLoop1.cpp:80:19:80:24 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | AllocaInLoop1.cpp:71:3:88:3 | for(...;...;...) ... | for(...;...;...) ... |
-| AllocaInLoop1.cpp:97:19:97:24 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | AllocaInLoop1.cpp:96:2:100:13 | do (...) ... | do (...) ... |
 | AllocaInLoop1.cpp:110:19:110:24 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | AllocaInLoop1.cpp:109:2:113:13 | do (...) ... | do (...) ... |
-| AllocaInLoop1.cpp:123:19:123:24 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | AllocaInLoop1.cpp:122:2:126:13 | do (...) ... | do (...) ... |
 | AllocaInLoop1ms.cpp:28:18:28:24 | call to _alloca | Stack allocation is inside a $@ loop. | AllocaInLoop1ms.cpp:19:2:36:2 | for(...;...;...) ... | for(...;...;...) ... |
 | AllocaInLoop1ms.cpp:52:19:52:26 | call to _malloca | Stack allocation is inside a $@ loop. | AllocaInLoop1ms.cpp:42:2:63:2 | for(...;...;...) ... | for(...;...;...) ... |
 | AllocaInLoop1ms.cpp:79:19:79:25 | call to _alloca | Stack allocation is inside a $@ loop. | AllocaInLoop1ms.cpp:70:3:87:3 | for(...;...;...) ... | for(...;...;...) ... |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/AllocaInLoop/AllocaInLoop1.cpp b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/AllocaInLoop/AllocaInLoop1.cpp
@@ -94,7 +94,7 @@ void case4() {
 	char *buffer;
 
 	do {
-		buffer = (char*)alloca(1024); // GOOD [FALSE POSITIVE]
+		buffer = (char*)alloca(1024); // GOOD
 
 		break;
 	} while (1);
@@ -120,7 +120,7 @@ char *case6() {
 	char *buffer;
 
 	do {
-		buffer = (char*)alloca(1024); // GOOD [FALSE POSITIVE]
+		buffer = (char*)alloca(1024); // GOOD
 
 		return buffer;
 	} while (1);

Original file line number	Diff line number	Diff line change
`@@ -322,9 +322,11 @@ class LoopWithAlloca extends Stmt {`
`322`	`322`	`}`
`323`	`323`	`}`
`324`	`324`
`325`		`-from LoopWithAlloca l`
	`325`	`+from LoopWithAlloca l, AllocaCall alloc`
`326`	`326`	`where`
`327`	`327`	`not l.(DoStmt).getCondition().getValue() = "0" and`
`328`		`- not l.isTightlyBounded()`
`329`		`-select l.getAnAllocaCall(), "Stack allocation is inside a $@ loop.", l,`
	`328`	`+ not l.isTightlyBounded() and`
	`329`	`+ alloc = l.getAnAllocaCall() and`
	`330`	`+ alloc.getASuccessor*() = l.(Loop).getStmt()`
	`331`	`+select alloc, "Stack allocation is inside a $@ loop.", l,`
`330`	`332`	`l.toString()`