From 6daf80cdd001fa3d409614fbd242d1b9cb37ddad Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 25 Apr 2024 15:34:44 +0200 Subject: [PATCH 01/30] C#: Add integration test with multiple project files that have disjoint dependencies. --- .../Assemblies.expected | 165 ++++++++++++++++++ .../Assemblies.ql | 17 ++ .../Program.cs | 6 + .../global.json | 5 + .../standalone1.csproj | 16 ++ .../standalone2.csproj | 16 ++ .../test.py | 3 + 7 files changed, 228 insertions(+) create mode 100644 csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/Assemblies.expected create mode 100644 csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/Assemblies.ql create mode 100644 csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/Program.cs create mode 100644 csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/global.json create mode 100644 csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/standalone1.csproj create mode 100644 csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/standalone2.csproj create mode 100644 csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/test.py diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/Assemblies.expected b/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/Assemblies.expected new file mode 100644 index 000000000000..8ad98c213790 --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/Assemblies.expected @@ -0,0 +1,165 @@ +| [...]/avalara.avatax/23.11.0/lib/netstandard2.0/Avalara.AvaTax.RestClient.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/Microsoft.CSharp.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/Microsoft.VisualBasic.Core.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/Microsoft.VisualBasic.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/Microsoft.Win32.Primitives.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/Microsoft.Win32.Registry.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.AppContext.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Buffers.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Collections.Concurrent.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Collections.Immutable.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Collections.NonGeneric.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Collections.Specialized.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Collections.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.ComponentModel.Annotations.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.ComponentModel.DataAnnotations.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.ComponentModel.EventBasedAsync.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.ComponentModel.Primitives.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.ComponentModel.TypeConverter.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.ComponentModel.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Configuration.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Console.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Core.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Data.Common.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Data.DataSetExtensions.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Data.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Diagnostics.Contracts.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Diagnostics.Debug.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Diagnostics.DiagnosticSource.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Diagnostics.FileVersionInfo.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Diagnostics.Process.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Diagnostics.StackTrace.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Diagnostics.TextWriterTraceListener.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Diagnostics.Tools.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Diagnostics.TraceSource.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Diagnostics.Tracing.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Drawing.Primitives.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Drawing.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Dynamic.Runtime.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Formats.Asn1.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Formats.Tar.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Globalization.Calendars.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Globalization.Extensions.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Globalization.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.IO.Compression.Brotli.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.IO.Compression.FileSystem.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.IO.Compression.ZipFile.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.IO.Compression.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.IO.FileSystem.AccessControl.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.IO.FileSystem.DriveInfo.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.IO.FileSystem.Primitives.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.IO.FileSystem.Watcher.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.IO.FileSystem.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.IO.IsolatedStorage.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.IO.MemoryMappedFiles.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.IO.Pipes.AccessControl.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.IO.Pipes.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.IO.UnmanagedMemoryStream.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.IO.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Linq.Expressions.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Linq.Parallel.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Linq.Queryable.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Linq.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Memory.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Net.Http.Json.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Net.Http.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Net.HttpListener.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Net.Mail.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Net.NameResolution.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Net.NetworkInformation.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Net.Ping.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Net.Primitives.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Net.Quic.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Net.Requests.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Net.Security.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Net.ServicePoint.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Net.Sockets.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Net.WebClient.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Net.WebHeaderCollection.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Net.WebProxy.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Net.WebSockets.Client.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Net.WebSockets.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Net.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Numerics.Vectors.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Numerics.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.ObjectModel.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Reflection.DispatchProxy.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Reflection.Emit.ILGeneration.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Reflection.Emit.Lightweight.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Reflection.Emit.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Reflection.Extensions.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Reflection.Metadata.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Reflection.Primitives.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Reflection.TypeExtensions.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Reflection.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Resources.Reader.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Resources.ResourceManager.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Resources.Writer.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Runtime.CompilerServices.Unsafe.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Runtime.CompilerServices.VisualC.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Runtime.Extensions.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Runtime.Handles.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Runtime.InteropServices.JavaScript.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Runtime.InteropServices.RuntimeInformation.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Runtime.InteropServices.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Runtime.Intrinsics.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Runtime.Loader.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Runtime.Numerics.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Runtime.Serialization.Formatters.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Runtime.Serialization.Json.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Runtime.Serialization.Primitives.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Runtime.Serialization.Xml.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Runtime.Serialization.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Runtime.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Security.AccessControl.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Security.Claims.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Security.Cryptography.Algorithms.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Security.Cryptography.Cng.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Security.Cryptography.Csp.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Security.Cryptography.Encoding.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Security.Cryptography.OpenSsl.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Security.Cryptography.Primitives.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Security.Cryptography.X509Certificates.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Security.Cryptography.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Security.Principal.Windows.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Security.Principal.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Security.SecureString.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Security.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.ServiceModel.Web.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.ServiceProcess.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Text.Encoding.CodePages.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Text.Encoding.Extensions.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Text.Encoding.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Text.Encodings.Web.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Text.Json.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Text.RegularExpressions.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Threading.Channels.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Threading.Overlapped.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Threading.Tasks.Dataflow.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Threading.Tasks.Extensions.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Threading.Tasks.Parallel.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Threading.Tasks.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Threading.Thread.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Threading.ThreadPool.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Threading.Timer.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Threading.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Transactions.Local.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Transactions.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.ValueTuple.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Web.HttpUtility.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Web.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Windows.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Xml.Linq.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Xml.ReaderWriter.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Xml.Serialization.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Xml.XDocument.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Xml.XPath.XDocument.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Xml.XPath.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Xml.XmlDocument.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Xml.XmlSerializer.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.Xml.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/System.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/WindowsBase.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/mscorlib.dll | +| [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/netstandard.dll | +| [...]/newtonsoft.json/12.0.1/lib/netstandard2.0/Newtonsoft.Json.dll | diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/Assemblies.ql b/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/Assemblies.ql new file mode 100644 index 000000000000..b78ceee2d8f8 --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/Assemblies.ql @@ -0,0 +1,17 @@ +import csharp + +private string getPath(Assembly a) { + not a.getCompilation().getOutputAssembly() = a and + exists(string s | s = a.getFile().getAbsolutePath() | + result = + "[...]" + + s.substring(s.indexOf("test-db/working/") + "test-db/working/".length() + 16 + + "/packages".length(), s.length()) + or + result = s and + not exists(s.indexOf("test-db/working/")) + ) +} + +from Assembly a +select getPath(a) diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/Program.cs b/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/Program.cs new file mode 100644 index 000000000000..39a9e95bb6e3 --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/Program.cs @@ -0,0 +1,6 @@ +class Program +{ + static void Main(string[] args) + { + } +} \ No newline at end of file diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/global.json b/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/global.json new file mode 100644 index 000000000000..d54915e8d4d0 --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/global.json @@ -0,0 +1,5 @@ +{ + "sdk": { + "version": "8.0.101" + } +} diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/standalone1.csproj b/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/standalone1.csproj new file mode 100644 index 000000000000..67d37d1a7608 --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/standalone1.csproj @@ -0,0 +1,16 @@ + + + + Exe + net8.0 + + + + + + + + + + + diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/standalone2.csproj b/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/standalone2.csproj new file mode 100644 index 000000000000..05fb5c1aa487 --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/standalone2.csproj @@ -0,0 +1,16 @@ + + + + Exe + net8.0 + + + + + + + + + + + diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/test.py b/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/test.py new file mode 100644 index 000000000000..a17966e148a9 --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/test.py @@ -0,0 +1,3 @@ +from create_database_utils import * + +run_codeql_database_create([], lang="csharp", extra_args=["--build-mode=none"]) From 0124b0749f9dd3a58e8dada7611ce04a7ff11c72 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 18 Apr 2024 09:29:49 +0200 Subject: [PATCH 02/30] C#: Do not run dotnet restore in parallel for projects in the same folder. --- .../NugetPackageRestorer.cs | 26 +++++++++++-------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs index 735e4a676c68..d76ad1a676ae 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs @@ -240,21 +240,25 @@ private void RestoreProjects(IEnumerable projects, out IEnumerable(); var sync = new object(); - Parallel.ForEach(projects, new ParallelOptions { MaxDegreeOfParallelism = DependencyManager.Threads }, project => + var projectGroups = projects.GroupBy(Path.GetDirectoryName); + Parallel.ForEach(projectGroups, new ParallelOptions { MaxDegreeOfParallelism = DependencyManager.Threads }, projectGroup => { - logger.LogInfo($"Restoring project {project}..."); - var res = dotnet.Restore(new(project, PackageDirectory.DirInfo.FullName, ForceDotnetRefAssemblyFetching: true)); - lock (sync) + foreach (var project in projectGroup) { - if (res.Success) - { - successCount++; - } - if (res.HasNugetPackageSourceError) + logger.LogInfo($"Restoring project {project}..."); + var res = dotnet.Restore(new(project, PackageDirectory.DirInfo.FullName, ForceDotnetRefAssemblyFetching: true)); + lock (sync) { - nugetSourceFailures++; + if (res.Success) + { + successCount++; + } + if (res.HasNugetPackageSourceError) + { + nugetSourceFailures++; + } + assetFiles.AddRange(res.AssetsFilePaths); } - assetFiles.AddRange(res.AssetsFilePaths); } }); assets = assetFiles; From 131d0b911fcddaf92911c2eaeed7a7391286498f Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 25 Apr 2024 14:12:56 +0200 Subject: [PATCH 03/30] C#: Inline dependency collection from asset files per group. --- .../Assets.cs | 46 ++++--- .../DependencyContainer.cs | 18 ++- .../DependencyManager.cs | 2 - .../NugetPackageRestorer.cs | 32 +++-- .../Semmle.Extraction.Tests/Assets.cs | 118 ++++++++---------- 5 files changed, 118 insertions(+), 98 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Assets.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Assets.cs index a59991b4b837..511db0871d9a 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Assets.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Assets.cs @@ -16,6 +16,11 @@ internal class Assets { private readonly ILogger logger; + /// + /// Contains the dependencies found in the parsed asset files. + /// + public DependencyContainer Dependencies { get; } = new(); + internal Assets(ILogger logger) { this.logger = logger; @@ -72,7 +77,7 @@ private record class ReferenceInfo(string? Type, Dictionary? Com /// "json.net" /// } /// - private void AddPackageDependencies(JObject json, DependencyContainer dependencies) + private void AddPackageDependencies(JObject json) { // If there is more than one framework we need to pick just one. // To ensure stability we pick one based on the lexicographic order of @@ -107,13 +112,13 @@ private void AddPackageDependencies(JObject json, DependencyContainer dependenci // If this is a framework reference then include everything. if (FrameworkPackageNames.AllFrameworks.Any(framework => name.StartsWith(framework))) { - dependencies.AddFramework(name); + Dependencies.AddFramework(name); } return; } info.Compile - .ForEach(r => dependencies.Add(name, r.Key)); + .ForEach(r => Dependencies.Add(name, r.Key)); }); return; @@ -149,7 +154,7 @@ private void AddPackageDependencies(JObject json, DependencyContainer dependenci /// "microsoft.netcore.app.ref" /// } /// - private void AddFrameworkDependencies(JObject json, DependencyContainer dependencies) + private void AddFrameworkDependencies(JObject json) { var frameworks = json @@ -178,7 +183,7 @@ private void AddFrameworkDependencies(JObject json, DependencyContainer dependen references .Properties() - .ForEach(f => dependencies.AddFramework($"{f.Name}.Ref".ToLowerInvariant())); + .ForEach(f => Dependencies.AddFramework($"{f.Name}.Ref".ToLowerInvariant())); } /// @@ -186,13 +191,13 @@ private void AddFrameworkDependencies(JObject json, DependencyContainer dependen /// (together with used package information) required for compilation. /// /// True if parsing succeeds, otherwise false. - public bool TryParse(string json, DependencyContainer dependencies) + public bool TryParse(string json) { try { var obj = JObject.Parse(json); - AddPackageDependencies(obj, dependencies); - AddFrameworkDependencies(obj, dependencies); + AddPackageDependencies(obj); + AddFrameworkDependencies(obj); return true; } catch (Exception e) @@ -217,19 +222,24 @@ private static bool TryReadAllText(string path, ILogger logger, [NotNullWhen(ret } } - public static DependencyContainer GetCompilationDependencies(ILogger logger, IEnumerable assets) + /// + /// Add the dependencies from the assets file to the dependencies. + /// + /// Path to an asset file. + public void AddDependencies(string asset) { - var parser = new Assets(logger); - var dependencies = new DependencyContainer(); - assets.ForEach(asset => + if (TryReadAllText(asset, logger, out var json)) { - if (TryReadAllText(asset, logger, out var json)) - { - parser.TryParse(json, dependencies); - } - }); - return dependencies; + TryParse(json); + } } + + /// + /// Add the dependencies from the assets files to the dependencies. + /// + /// Collection of paths to asset files. + public void AddDependenciesRange(IEnumerable assets) => + assets.ForEach(AddDependencies); } internal static class JsonExtensions diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyContainer.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyContainer.cs index d3858f17fe18..6251fa321243 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyContainer.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyContainer.cs @@ -12,7 +12,7 @@ internal class DependencyContainer /// /// Paths to dependencies required for compilation. /// - public List Paths { get; } = new(); + public HashSet Paths { get; } = new(); /// /// Packages that are used as a part of the required dependencies. @@ -68,4 +68,18 @@ public void AddFramework(string framework) Packages.Add(GetPackageName(p)); } } -} \ No newline at end of file + + internal static class DependencyContainerExtensions + { + /// + /// Flatten a list of containers into a single container. + /// + public static DependencyContainer Flatten(this IEnumerable container) => + container.Aggregate(new DependencyContainer(), (acc, c) => + { + acc.Paths.UnionWith(c.Paths); + acc.Packages.UnionWith(c.Packages); + return acc; + }); + } +} diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs index d0e68defac16..ff9230e7c9b7 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs @@ -3,8 +3,6 @@ using System.Collections.Generic; using System.IO; using System.Linq; -using System.Security.Cryptography; -using System.Text; using System.Threading.Tasks; using Semmle.Util; diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs index d76ad1a676ae..371b33dfecaa 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs @@ -144,11 +144,12 @@ public HashSet Restore() logger.LogError($"Failed to restore Nuget packages with nuget.exe: {exc.Message}"); } - var restoredProjects = RestoreSolutions(out var assets1); + var restoredProjects = RestoreSolutions(out var container); var projects = fileProvider.Projects.Except(restoredProjects); - RestoreProjects(projects, out var assets2); + RestoreProjects(projects, out var containers); - var dependencies = Assets.GetCompilationDependencies(logger, assets1.Union(assets2)); + containers.Add(container); + var dependencies = containers.Flatten(); var paths = dependencies .Paths @@ -198,14 +199,14 @@ private List GetReachableFallbackNugetFeeds() /// As opposed to RestoreProjects this is not run in parallel using PLINQ /// as `dotnet restore` on a solution already uses multiple threads for restoring /// the projects (this can be disabled with the `--disable-parallel` flag). - /// Populates assets with the relative paths to the assets files generated by the restore. + /// Populates dependencies with the relevant dependencies from the assets files generated by the restore. /// Returns a list of projects that are up to date with respect to restore. /// - private IEnumerable RestoreSolutions(out IEnumerable assets) + private IEnumerable RestoreSolutions(out DependencyContainer dependencies) { var successCount = 0; var nugetSourceFailures = 0; - var assetFiles = new List(); + var assets = new Assets(logger); var projects = fileProvider.Solutions.SelectMany(solution => { logger.LogInfo($"Restoring solution {solution}..."); @@ -218,10 +219,10 @@ private IEnumerable RestoreSolutions(out IEnumerable assets) { nugetSourceFailures++; } - assetFiles.AddRange(res.AssetsFilePaths); + assets.AddDependenciesRange(res.AssetsFilePaths); return res.RestoredProjects; }).ToList(); - assets = assetFiles; + dependencies = assets.Dependencies; compilationInfoContainer.CompilationInfos.Add(("Successfully restored solution files", successCount.ToString())); compilationInfoContainer.CompilationInfos.Add(("Failed solution restore with package source error", nugetSourceFailures.ToString())); compilationInfoContainer.CompilationInfos.Add(("Restored projects through solution files", projects.Count.ToString())); @@ -231,22 +232,24 @@ private IEnumerable RestoreSolutions(out IEnumerable assets) /// /// Executes `dotnet restore` on all projects in projects. /// This is done in parallel for performance reasons. - /// Populates assets with the relative paths to the assets files generated by the restore. + /// Populates dependencies with the relative paths to the assets files generated by the restore. /// /// A list of paths to project files. - private void RestoreProjects(IEnumerable projects, out IEnumerable assets) + private void RestoreProjects(IEnumerable projects, out List dependencies) { var successCount = 0; var nugetSourceFailures = 0; - var assetFiles = new List(); + List collectedDependencies = []; var sync = new object(); var projectGroups = projects.GroupBy(Path.GetDirectoryName); Parallel.ForEach(projectGroups, new ParallelOptions { MaxDegreeOfParallelism = DependencyManager.Threads }, projectGroup => { + var assets = new Assets(logger); foreach (var project in projectGroup) { logger.LogInfo($"Restoring project {project}..."); var res = dotnet.Restore(new(project, PackageDirectory.DirInfo.FullName, ForceDotnetRefAssemblyFetching: true)); + assets.AddDependenciesRange(res.AssetsFilePaths); lock (sync) { if (res.Success) @@ -257,11 +260,14 @@ private void RestoreProjects(IEnumerable projects, out IEnumerable From 181a063bb9c9b2b29a7713d997afe5c46002bb85 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 25 Apr 2024 15:38:39 +0200 Subject: [PATCH 04/30] C#: Update expected test output. --- .../standalone_dependencies_multi_project/Assemblies.expected | 1 + 1 file changed, 1 insertion(+) diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/Assemblies.expected b/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/Assemblies.expected index 8ad98c213790..2d54c0155a43 100644 --- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/Assemblies.expected +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_project/Assemblies.expected @@ -1,4 +1,5 @@ | [...]/avalara.avatax/23.11.0/lib/netstandard2.0/Avalara.AvaTax.RestClient.dll | +| [...]/microsoft.bcl.asyncinterfaces/8.0.0/lib/netstandard2.1/Microsoft.Bcl.AsyncInterfaces.dll | | [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/Microsoft.CSharp.dll | | [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/Microsoft.VisualBasic.Core.dll | | [...]/microsoft.netcore.app.ref/8.0.1/ref/net8.0/Microsoft.VisualBasic.dll | From baa31e1469a40d8a67d446165ffe7c8b1f84e5cc Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Thu, 25 Apr 2024 22:19:28 +0200 Subject: [PATCH 05/30] delete outdated deprecations --- .../valuenumbering/GlobalValueNumbering.qll | 1 - .../GlobalValueNumberingImpl.qll | 616 ------------------ csharp/ql/lib/semmle/code/csharp/Callable.qll | 13 - .../semmle/code/csharp/exprs/Assignment.qll | 6 - .../code/csharp/exprs/BitwiseOperation.qll | 6 - .../security/dataflow/ExternalAPIsQuery.qll | 11 - go/ql/lib/semmle/go/security/FlowSources.qll | 2 - java/ql/lib/semmle/code/java/Expr.qll | 18 - .../java/dataflow/internal/DataFlowImpl1.qll | 8 - .../java/dataflow/internal/DataFlowImpl2.qll | 8 - .../java/dataflow/internal/DataFlowImpl3.qll | 8 - .../java/dataflow/internal/DataFlowImpl4.qll | 8 - .../java/dataflow/internal/DataFlowImpl5.qll | 8 - .../java/dataflow/internal/DataFlowImpl6.qll | 8 - .../semmle/code/java/regex/RegexTreeView.qll | 8 - .../ql/lib/semmle/javascript/Concepts.qll | 11 +- .../ql/lib/semmle/javascript/Regexp.qll | 14 - .../javascript/security/BadTagFilterQuery.qll | 8 - .../security/OverlyLargeRangeQuery.qll | 8 - .../security/regexp/RegexpMatching.qll | 9 - .../Security/CWE-020/HostnameRegexpShared.qll | 7 - .../lib/semmle/python/dataflow/new/Regexp.qll | 14 - .../Security/CWE-020/HostnameRegexpShared.qll | 8 - ruby/ql/lib/codeql/ruby/Regexp.qll | 14 - .../security/cwe-020/HostnameRegexpShared.qll | 8 - 25 files changed, 1 insertion(+), 829 deletions(-) delete mode 100644 cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumbering.qll delete mode 100644 cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumberingImpl.qll delete mode 100644 javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll delete mode 100644 javascript/ql/lib/semmle/javascript/security/OverlyLargeRangeQuery.qll delete mode 100644 javascript/ql/lib/semmle/javascript/security/regexp/RegexpMatching.qll delete mode 100644 javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll delete mode 100644 python/ql/src/Security/CWE-020/HostnameRegexpShared.qll delete mode 100644 ruby/ql/src/queries/security/cwe-020/HostnameRegexpShared.qll diff --git a/cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumbering.qll b/cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumbering.qll deleted file mode 100644 index cb28edc07b99..000000000000 --- a/cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumbering.qll +++ /dev/null @@ -1 +0,0 @@ -import semmle.code.cpp.ir.internal.ASTValueNumbering diff --git a/cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumberingImpl.qll b/cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumberingImpl.qll deleted file mode 100644 index 8f43e19c7b55..000000000000 --- a/cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumberingImpl.qll +++ /dev/null @@ -1,616 +0,0 @@ -/** - * DEPRECATED: This library has been replaced with a newer version which - * provides better performance and precision. Use - * `semmle.code.cpp.valuenumbering.GlobalValueNumbering` instead. - * - * Provides an implementation of Global Value Numbering. - * See https://en.wikipedia.org/wiki/Global_value_numbering - * - * The predicate `globalValueNumber` converts an expression into a `GVN`, - * which is an abstract type representing the value of the expression. If - * two expressions have the same `GVN` then they compute the same value. - * For example: - * - * ``` - * void f(int x, int y) { - * g(x+y, x+y); - * } - * ``` - * - * In this example, both arguments in the call to `g` compute the same value, - * so both arguments have the same `GVN`. In other words, we can find - * this call with the following query: - * - * ``` - * from FunctionCall call, GVN v - * where v = globalValueNumber(call.getArgument(0)) - * and v = globalValueNumber(call.getArgument(1)) - * select call - * ``` - * - * The analysis is conservative, so two expressions might have different - * `GVN`s even though the actually always compute the same value. The most - * common reason for this is that the analysis cannot prove that there - * are no side-effects that might cause the computed value to change. - */ - -/* - * Note to developers: the correctness of this module depends on the - * definitions of GVN, globalValueNumber, and analyzableExpr being kept in - * sync with each other. If you change this module then make sure that the - * change is symmetric across all three. - */ - -import cpp -private import semmle.code.cpp.controlflow.SSA - -/** - * Holds if the result is a control flow node that might change the - * value of any global variable. This is used in the implementation - * of `GVN_OtherVariable`, because we need to be quite conservative when - * we assign a value number to a global variable. For example: - * - * ``` - * x = g+1; - * dosomething(); - * y = g+1; - * ``` - * - * It is not safe to assign the same value number to both instances - * of `g+1` in this example, because the call to `dosomething` might - * change the value of `g`. - */ -private ControlFlowNode nodeWithPossibleSideEffect() { - result instanceof Call - or - // If the lhs of an assignment is not analyzable by SSA, then - // we need to treat the assignment as having a possible side-effect. - result instanceof Assignment and not result instanceof SsaDefinition - or - result instanceof CrementOperation and not result instanceof SsaDefinition - or - exists(LocalVariable v | - result = v.getInitializer().getExpr() and not result instanceof SsaDefinition - ) - or - result instanceof AsmStmt -} - -/** - * Gets the entry node of the control flow graph of which `node` is a - * member. - */ -cached -private ControlFlowNode getControlFlowEntry(ControlFlowNode node) { - result = node.getControlFlowScope().getEntryPoint() and - result.getASuccessor*() = node -} - -/** - * Holds if there is a control flow edge from `src` to `dst` or - * if `dst` is an expression with a possible side-effect. The idea - * is to treat side effects as entry points in the control flow - * graph so that we can use the dominator tree to find the most recent - * side-effect. - */ -private predicate sideEffectCfg(ControlFlowNode src, ControlFlowNode dst) { - src.getASuccessor() = dst - or - // Add an edge from the entry point to any node that might have a side - // effect. - dst = nodeWithPossibleSideEffect() and - src = getControlFlowEntry(dst) -} - -/** - * Holds if `dominator` is the immediate dominator of `node` in - * the side-effect CFG. - */ -private predicate iDomEffect(ControlFlowNode dominator, ControlFlowNode node) = - idominance(functionEntry/1, sideEffectCfg/2)(_, dominator, node) - -/** - * Gets the most recent side effect. To be more precise, `result` is a - * dominator of `node` and no side-effects can occur between `result` and - * `node`. - * - * `sideEffectCFG` has an edge from the function entry to every node with a - * side-effect. This means that every node with a side-effect has the - * function entry as its immediate dominator. So if node `x` dominates node - * `y` then there can be no side effects between `x` and `y` unless `x` is - * the function entry. So the optimal choice for `result` has the function - * entry as its immediate dominator. - * - * Example: - * - * ``` - * 000: int f(int a, int b, int *p) { - * 001: int r = 0; - * 002: if (a) { - * 003: if (b) { - * 004: sideEffect1(); - * 005: } - * 006: } else { - * 007: sideEffect2(); - * 008: } - * 009: if (a) { - * 010: r++; // Not a side-effect, because r is an SSA variable. - * 011: } - * 012: if (b) { - * 013: r++; // Not a side-effect, because r is an SSA variable. - * 014: } - * 015: return *p; - * 016: } - * ``` - * - * Suppose we want to find the most recent side-effect for the dereference - * of `p` on line 015. The `sideEffectCFG` has an edge from the function - * entry (line 000) to the side effects at lines 004 and 007. Therefore, - * the immediate dominator tree looks like this: - * - * 000 - 001 - 002 - 003 - * - 004 - * - 007 - * - 009 - 010 - * - 012 - 013 - * - 015 - * - * The immediate dominator path to line 015 is 000 - 009 - 012 - 015. - * Therefore, the most recent side effect for line 015 is line 009. - */ -cached -private ControlFlowNode mostRecentSideEffect(ControlFlowNode node) { - exists(ControlFlowNode entry | - functionEntry(entry) and - iDomEffect(entry, result) and - iDomEffect*(result, node) - ) -} - -/** Used to represent the "global value number" of an expression. */ -cached -private newtype GvnBase = - GVN_IntConst(int val, Type t) { mk_IntConst(val, t, _) } or - GVN_FloatConst(float val, Type t) { mk_FloatConst(val, t, _) } or - // If the local variable does not have a defining value, then - // we use the SsaDefinition as its global value number. - GVN_UndefinedStackVariable(StackVariable x, SsaDefinition def) { - mk_UndefinedStackVariable(x, def, _) - } or - // Variables with no SSA information. As a crude (but safe) - // approximation, we use `mostRecentSideEffect` to compute a definition - // location for the variable. This ensures that two instances of the same - // global variable will only get the same value number if they are - // guaranteed to have the same value. - GVN_OtherVariable(Variable x, ControlFlowNode dominator) { mk_OtherVariable(x, dominator, _) } or - deprecated GVN_FieldAccess(GVN s, Field f) { - mk_DotFieldAccess(s, f, _) or - mk_PointerFieldAccess_with_deref(s, f, _) or - mk_ImplicitThisFieldAccess_with_deref(s, f, _) - } or - // Dereference a pointer. The value might have changed since the last - // time the pointer was dereferenced, so we need to include a definition - // location. As a crude (but safe) approximation, we use - // `mostRecentSideEffect` to compute a definition location. - deprecated GVN_Deref(GVN p, ControlFlowNode dominator) { - mk_Deref(p, dominator, _) or - mk_PointerFieldAccess(p, _, dominator, _) or - mk_ImplicitThisFieldAccess_with_qualifier(p, _, dominator, _) - } or - GVN_ThisExpr(Function fcn) { - mk_ThisExpr(fcn, _) or - mk_ImplicitThisFieldAccess(fcn, _, _, _) - } or - deprecated GVN_Conversion(Type t, GVN child) { mk_Conversion(t, child, _) } or - deprecated GVN_BinaryOp(GVN lhs, GVN rhs, string opname) { mk_BinaryOp(lhs, rhs, opname, _) } or - deprecated GVN_UnaryOp(GVN child, string opname) { mk_UnaryOp(child, opname, _) } or - deprecated GVN_ArrayAccess(GVN x, GVN i, ControlFlowNode dominator) { - mk_ArrayAccess(x, i, dominator, _) - } or - // Any expression that is not handled by the cases above is - // given a unique number based on the expression itself. - GVN_Unanalyzable(Expr e) { not analyzableExpr(e) } - -/** - * A Global Value Number. A GVN is an abstract representation of the value - * computed by an expression. The relationship between `Expr` and `GVN` is - * many-to-one: every `Expr` has exactly one `GVN`, but multiple - * expressions can have the same `GVN`. If two expressions have the same - * `GVN`, it means that they compute the same value at run time. The `GVN` - * is an opaque value, so you cannot deduce what the run-time value of an - * expression will be from its `GVN`. The only use for the `GVN` of an - * expression is to find other expressions that compute the same value. - * Use the predicate `globalValueNumber` to get the `GVN` for an `Expr`. - * - * Note: `GVN` has `toString` and `getLocation` methods, so that it can be - * displayed in a results list. These work by picking an arbitrary - * expression with this `GVN` and using its `toString` and `getLocation` - * methods. - */ -deprecated class GVN extends GvnBase { - GVN() { this instanceof GvnBase } - - /** Gets an expression that has this GVN. */ - Expr getAnExpr() { this = globalValueNumber(result) } - - /** Gets the kind of the GVN. This can be useful for debugging. */ - string getKind() { - if this instanceof GVN_IntConst - then result = "IntConst" - else - if this instanceof GVN_FloatConst - then result = "FloatConst" - else - if this instanceof GVN_UndefinedStackVariable - then result = "UndefinedStackVariable" - else - if this instanceof GVN_OtherVariable - then result = "OtherVariable" - else - if this instanceof GVN_FieldAccess - then result = "FieldAccess" - else - if this instanceof GVN_Deref - then result = "Deref" - else - if this instanceof GVN_ThisExpr - then result = "ThisExpr" - else - if this instanceof GVN_Conversion - then result = "Conversion" - else - if this instanceof GVN_BinaryOp - then result = "BinaryOp" - else - if this instanceof GVN_UnaryOp - then result = "UnaryOp" - else - if this instanceof GVN_ArrayAccess - then result = "ArrayAccess" - else - if this instanceof GVN_Unanalyzable - then result = "Unanalyzable" - else result = "error" - } - - /** - * Gets an example of an expression with this GVN. - * This is useful for things like implementing toString(). - */ - private Expr exampleExpr() { - // Pick the expression with the minimum source location string. This is - // just an arbitrary way to pick an expression with this `GVN`. - result = min(Expr e | this = globalValueNumber(e) | e order by e.getLocation().toString()) - } - - /** Gets a textual representation of this element. */ - string toString() { result = this.exampleExpr().toString() } - - /** Gets the primary location of this element. */ - Location getLocation() { result = this.exampleExpr().getLocation() } -} - -private predicate analyzableIntConst(Expr e) { - strictcount(e.getValue().toInt()) = 1 and - strictcount(e.getUnspecifiedType()) = 1 -} - -private predicate mk_IntConst(int val, Type t, Expr e) { - analyzableIntConst(e) and - val = e.getValue().toInt() and - t = e.getUnspecifiedType() -} - -private predicate analyzableFloatConst(Expr e) { - strictcount(e.getValue().toFloat()) = 1 and - strictcount(e.getUnspecifiedType()) = 1 and - not analyzableIntConst(e) -} - -private predicate mk_FloatConst(float val, Type t, Expr e) { - analyzableFloatConst(e) and - val = e.getValue().toFloat() and - t = e.getUnspecifiedType() -} - -private predicate analyzableStackVariable(VariableAccess access) { - strictcount(SsaDefinition def | def.getAUse(_) = access | def) = 1 and - strictcount(SsaDefinition def, Variable v | def.getAUse(v) = access | v) = 1 and - count(SsaDefinition def, Variable v | - def.getAUse(v) = access - | - def.getDefiningValue(v).getFullyConverted() - ) <= 1 and - not analyzableConst(access) -} - -// Note: this predicate only has a result if the access has no -// defining value. If there is a defining value, then there is no -// need to generate a fresh `GVN` for the access because `globalValueNumber` -// will follow the chain and use the GVN of the defining value. -private predicate mk_UndefinedStackVariable( - StackVariable x, SsaDefinition def, VariableAccess access -) { - analyzableStackVariable(access) and - access = def.getAUse(x) and - not exists(def.getDefiningValue(x)) -} - -private predicate analyzableDotFieldAccess(DotFieldAccess access) { - strictcount(access.getTarget()) = 1 and - strictcount(access.getQualifier().getFullyConverted()) = 1 and - not analyzableConst(access) -} - -deprecated private predicate mk_DotFieldAccess(GVN qualifier, Field target, DotFieldAccess access) { - analyzableDotFieldAccess(access) and - target = access.getTarget() and - qualifier = globalValueNumber(access.getQualifier().getFullyConverted()) -} - -private predicate analyzablePointerFieldAccess(PointerFieldAccess access) { - strictcount(mostRecentSideEffect(access)) = 1 and - strictcount(access.getTarget()) = 1 and - strictcount(access.getQualifier().getFullyConverted()) = 1 and - not analyzableConst(access) -} - -deprecated private predicate mk_PointerFieldAccess( - GVN qualifier, Field target, ControlFlowNode dominator, PointerFieldAccess access -) { - analyzablePointerFieldAccess(access) and - dominator = mostRecentSideEffect(access) and - target = access.getTarget() and - qualifier = globalValueNumber(access.getQualifier().getFullyConverted()) -} - -/** - * `obj->field` is equivalent to `(*obj).field`, so we need to wrap an - * extra `GVN_Deref` around the qualifier. - */ -deprecated private predicate mk_PointerFieldAccess_with_deref( - GVN new_qualifier, Field target, PointerFieldAccess access -) { - exists(GVN qualifier, ControlFlowNode dominator | - mk_PointerFieldAccess(qualifier, target, dominator, access) and - new_qualifier = GVN_Deref(qualifier, dominator) - ) -} - -private predicate analyzableImplicitThisFieldAccess(ImplicitThisFieldAccess access) { - strictcount(mostRecentSideEffect(access)) = 1 and - strictcount(access.getTarget()) = 1 and - strictcount(access.getEnclosingFunction()) = 1 and - not analyzableConst(access) -} - -private predicate mk_ImplicitThisFieldAccess( - Function fcn, Field target, ControlFlowNode dominator, ImplicitThisFieldAccess access -) { - analyzableImplicitThisFieldAccess(access) and - dominator = mostRecentSideEffect(access) and - target = access.getTarget() and - fcn = access.getEnclosingFunction() -} - -deprecated private predicate mk_ImplicitThisFieldAccess_with_qualifier( - GVN qualifier, Field target, ControlFlowNode dominator, ImplicitThisFieldAccess access -) { - exists(Function fcn | - mk_ImplicitThisFieldAccess(fcn, target, dominator, access) and - qualifier = GVN_ThisExpr(fcn) - ) -} - -deprecated private predicate mk_ImplicitThisFieldAccess_with_deref( - GVN new_qualifier, Field target, ImplicitThisFieldAccess access -) { - exists(GVN qualifier, ControlFlowNode dominator | - mk_ImplicitThisFieldAccess_with_qualifier(qualifier, target, dominator, access) and - new_qualifier = GVN_Deref(qualifier, dominator) - ) -} - -/** - * Holds if `access` is an access of a variable that does - * not have SSA information. (For example, because the variable - * is global.) - */ -private predicate analyzableOtherVariable(VariableAccess access) { - not access instanceof FieldAccess and - not exists(SsaDefinition def | access = def.getAUse(_)) and - strictcount(access.getTarget()) = 1 and - strictcount(mostRecentSideEffect(access)) = 1 and - not analyzableConst(access) -} - -private predicate mk_OtherVariable(Variable x, ControlFlowNode dominator, VariableAccess access) { - analyzableOtherVariable(access) and - x = access.getTarget() and - dominator = mostRecentSideEffect(access) -} - -private predicate analyzableConversion(Conversion conv) { - strictcount(conv.getUnspecifiedType()) = 1 and - strictcount(conv.getExpr()) = 1 and - not analyzableConst(conv) -} - -deprecated private predicate mk_Conversion(Type t, GVN child, Conversion conv) { - analyzableConversion(conv) and - t = conv.getUnspecifiedType() and - child = globalValueNumber(conv.getExpr()) -} - -private predicate analyzableBinaryOp(BinaryOperation op) { - op.isPure() and - strictcount(op.getLeftOperand().getFullyConverted()) = 1 and - strictcount(op.getRightOperand().getFullyConverted()) = 1 and - strictcount(op.getOperator()) = 1 and - not analyzableConst(op) -} - -deprecated private predicate mk_BinaryOp(GVN lhs, GVN rhs, string opname, BinaryOperation op) { - analyzableBinaryOp(op) and - lhs = globalValueNumber(op.getLeftOperand().getFullyConverted()) and - rhs = globalValueNumber(op.getRightOperand().getFullyConverted()) and - opname = op.getOperator() -} - -private predicate analyzableUnaryOp(UnaryOperation op) { - not op instanceof PointerDereferenceExpr and - op.isPure() and - strictcount(op.getOperand().getFullyConverted()) = 1 and - strictcount(op.getOperator()) = 1 and - not analyzableConst(op) -} - -deprecated private predicate mk_UnaryOp(GVN child, string opname, UnaryOperation op) { - analyzableUnaryOp(op) and - child = globalValueNumber(op.getOperand().getFullyConverted()) and - opname = op.getOperator() -} - -private predicate analyzableThisExpr(ThisExpr thisExpr) { - strictcount(thisExpr.getEnclosingFunction()) = 1 and - not analyzableConst(thisExpr) -} - -private predicate mk_ThisExpr(Function fcn, ThisExpr thisExpr) { - analyzableThisExpr(thisExpr) and - fcn = thisExpr.getEnclosingFunction() -} - -private predicate analyzableArrayAccess(ArrayExpr ae) { - strictcount(ae.getArrayBase().getFullyConverted()) = 1 and - strictcount(ae.getArrayOffset().getFullyConverted()) = 1 and - strictcount(mostRecentSideEffect(ae)) = 1 and - not analyzableConst(ae) -} - -deprecated private predicate mk_ArrayAccess( - GVN base, GVN offset, ControlFlowNode dominator, ArrayExpr ae -) { - analyzableArrayAccess(ae) and - base = globalValueNumber(ae.getArrayBase().getFullyConverted()) and - offset = globalValueNumber(ae.getArrayOffset().getFullyConverted()) and - dominator = mostRecentSideEffect(ae) -} - -private predicate analyzablePointerDereferenceExpr(PointerDereferenceExpr deref) { - strictcount(deref.getOperand().getFullyConverted()) = 1 and - strictcount(mostRecentSideEffect(deref)) = 1 and - not analyzableConst(deref) -} - -deprecated private predicate mk_Deref(GVN p, ControlFlowNode dominator, PointerDereferenceExpr deref) { - analyzablePointerDereferenceExpr(deref) and - p = globalValueNumber(deref.getOperand().getFullyConverted()) and - dominator = mostRecentSideEffect(deref) -} - -/** Gets the global value number of expression `e`. */ -cached -deprecated GVN globalValueNumber(Expr e) { - exists(int val, Type t | - mk_IntConst(val, t, e) and - result = GVN_IntConst(val, t) - ) - or - exists(float val, Type t | - mk_FloatConst(val, t, e) and - result = GVN_FloatConst(val, t) - ) - or - // Local variable with a defining value. - exists(StackVariable x, SsaDefinition def | - analyzableStackVariable(e) and - e = def.getAUse(x) and - result = globalValueNumber(def.getDefiningValue(x).getFullyConverted()) - ) - or - // Local variable without a defining value. - exists(StackVariable x, SsaDefinition def | - mk_UndefinedStackVariable(x, def, e) and - result = GVN_UndefinedStackVariable(x, def) - ) - or - // Variable with no SSA information. - exists(Variable x, ControlFlowNode dominator | - mk_OtherVariable(x, dominator, e) and - result = GVN_OtherVariable(x, dominator) - ) - or - exists(GVN qualifier, Field target | - mk_DotFieldAccess(qualifier, target, e) and - result = GVN_FieldAccess(qualifier, target) - ) - or - exists(GVN qualifier, Field target | - mk_PointerFieldAccess_with_deref(qualifier, target, e) and - result = GVN_FieldAccess(qualifier, target) - ) - or - exists(GVN qualifier, Field target | - mk_ImplicitThisFieldAccess_with_deref(qualifier, target, e) and - result = GVN_FieldAccess(qualifier, target) - ) - or - exists(Function fcn | - mk_ThisExpr(fcn, e) and - result = GVN_ThisExpr(fcn) - ) - or - exists(Type t, GVN child | - mk_Conversion(t, child, e) and - result = GVN_Conversion(t, child) - ) - or - exists(GVN lhs, GVN rhs, string opname | - mk_BinaryOp(lhs, rhs, opname, e) and - result = GVN_BinaryOp(lhs, rhs, opname) - ) - or - exists(GVN child, string opname | - mk_UnaryOp(child, opname, e) and - result = GVN_UnaryOp(child, opname) - ) - or - exists(GVN x, GVN i, ControlFlowNode dominator | - mk_ArrayAccess(x, i, dominator, e) and - result = GVN_ArrayAccess(x, i, dominator) - ) - or - exists(GVN p, ControlFlowNode dominator | - mk_Deref(p, dominator, e) and - result = GVN_Deref(p, dominator) - ) - or - not analyzableExpr(e) and result = GVN_Unanalyzable(e) -} - -private predicate analyzableConst(Expr e) { - analyzableIntConst(e) or - analyzableFloatConst(e) -} - -/** - * Holds if the expression is explicitly handled by `globalValueNumber`. - * Unanalyzable expressions still need to be given a global value number, - * but it will be a unique number that is not shared with any other - * expression. - */ -private predicate analyzableExpr(Expr e) { - analyzableConst(e) or - analyzableStackVariable(e) or - analyzableDotFieldAccess(e) or - analyzablePointerFieldAccess(e) or - analyzableImplicitThisFieldAccess(e) or - analyzableOtherVariable(e) or - analyzableConversion(e) or - analyzableBinaryOp(e) or - analyzableUnaryOp(e) or - analyzableThisExpr(e) or - analyzableArrayAccess(e) or - analyzablePointerDereferenceExpr(e) -} diff --git a/csharp/ql/lib/semmle/code/csharp/Callable.qll b/csharp/ql/lib/semmle/code/csharp/Callable.qll index 9cd365c2ecd6..59cffa8d39e5 100644 --- a/csharp/ql/lib/semmle/code/csharp/Callable.qll +++ b/csharp/ql/lib/semmle/code/csharp/Callable.qll @@ -527,13 +527,6 @@ class Destructor extends Callable, Member, Attributable, @destructor { * (`BinaryOperator`), or a conversion operator (`ConversionOperator`). */ class Operator extends Callable, Member, Attributable, Overridable, @operator { - /** - * DEPRECATED: use `getFunctionName()` instead. - * - * Gets the assembly name of this operator. - */ - deprecated string getAssemblyName() { result = this.getFunctionName() } - override string getName() { operators(this, _, result, _, _, _) } override string getUndecoratedName() { operators(this, _, result, _, _, _) } @@ -989,9 +982,6 @@ class LeftShiftOperator extends BinaryOperator { override string getAPrimaryQlClass() { result = "LeftShiftOperator" } } -/** DEPRECATED: Alias for LeftShiftOperator. */ -deprecated class LShiftOperator = LeftShiftOperator; - /** * A user-defined right shift operator (`>>`), for example * @@ -1007,9 +997,6 @@ class RightShiftOperator extends BinaryOperator { override string getAPrimaryQlClass() { result = "RightShiftOperator" } } -/** DEPRECATED: Alias for RightShiftOperator. */ -deprecated class RShiftOperator = RightShiftOperator; - /** * A user-defined unsigned right shift operator (`>>>`), for example * diff --git a/csharp/ql/lib/semmle/code/csharp/exprs/Assignment.qll b/csharp/ql/lib/semmle/code/csharp/exprs/Assignment.qll index 14da6da266f7..a5576f023d7b 100644 --- a/csharp/ql/lib/semmle/code/csharp/exprs/Assignment.qll +++ b/csharp/ql/lib/semmle/code/csharp/exprs/Assignment.qll @@ -192,9 +192,6 @@ class AssignLeftShiftExpr extends AssignBitwiseOperation, @assign_lshift_expr { override string getAPrimaryQlClass() { result = "AssignLeftShiftExpr" } } -/** DEPRECATED: Alias for AssignLeftShipExpr. */ -deprecated class AssignLShiftExpr = AssignLeftShiftExpr; - /** * A right-shift assignment operation, for example `x >>= y`. */ @@ -204,9 +201,6 @@ class AssignRightShiftExpr extends AssignBitwiseOperation, @assign_rshift_expr { override string getAPrimaryQlClass() { result = "AssignRightShiftExpr" } } -/** DEPRECATED: Alias for AssignRightShiftExpr. */ -deprecated class AssignRShiftExpr = AssignRightShiftExpr; - /** * An unsigned right-shift assignment operation, for example `x >>>= y`. */ diff --git a/csharp/ql/lib/semmle/code/csharp/exprs/BitwiseOperation.qll b/csharp/ql/lib/semmle/code/csharp/exprs/BitwiseOperation.qll index d32485a51f8e..d818a1d08f87 100644 --- a/csharp/ql/lib/semmle/code/csharp/exprs/BitwiseOperation.qll +++ b/csharp/ql/lib/semmle/code/csharp/exprs/BitwiseOperation.qll @@ -47,9 +47,6 @@ class LeftShiftExpr extends BinaryBitwiseOperation, @lshift_expr { override string getAPrimaryQlClass() { result = "LeftShiftExpr" } } -/** DEPRECATED: Alias for LeftShiftExpr. */ -deprecated class LShiftExpr = LeftShiftExpr; - /** * A right-shift operation, for example `x >> y`. */ @@ -59,9 +56,6 @@ class RightShiftExpr extends BinaryBitwiseOperation, @rshift_expr { override string getAPrimaryQlClass() { result = "RightShiftExpr" } } -/** DEPRECATED: Alias for RightShiftExpr. */ -deprecated class RShiftExpr = RightShiftExpr; - /** * An unsigned right-shift operation, for example `x >>> y`. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll index a0d0ada957a5..41888fc25571 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll @@ -71,17 +71,6 @@ class ExternalApiDataNode extends DataFlow::Node { predicate hasQualifiedName(string qualifier, string name) { this.getCallable().hasFullyQualifiedName(qualifier, name) } - - /** - * DEPRECATED: Use hasQualifiedName/2 instead. - * - * Gets the description of the callable being called. - */ - deprecated string getCallableDescription() { - exists(string qualifier, string name | - this.hasQualifiedName(qualifier, name) and result = getQualifiedName(qualifier, name) - ) - } } /** diff --git a/go/ql/lib/semmle/go/security/FlowSources.qll b/go/ql/lib/semmle/go/security/FlowSources.qll index 6de620c79e42..cf77dade35ab 100644 --- a/go/ql/lib/semmle/go/security/FlowSources.qll +++ b/go/ql/lib/semmle/go/security/FlowSources.qll @@ -39,6 +39,4 @@ module RemoteFlowSource { class MaDRemoteSource extends Range { MaDRemoteSource() { ExternalFlow::sourceNode(this, "remote") } } - - deprecated class CsvRemoteSource = MaDRemoteSource; } diff --git a/java/ql/lib/semmle/code/java/Expr.qll b/java/ql/lib/semmle/code/java/Expr.qll index e0208b4df9e4..1862319e30bb 100644 --- a/java/ql/lib/semmle/code/java/Expr.qll +++ b/java/ql/lib/semmle/code/java/Expr.qll @@ -511,9 +511,6 @@ class AssignLeftShiftExpr extends AssignOp, @assignlshiftexpr { override string getAPrimaryQlClass() { result = "AssignLeftShiftExpr" } } -/** DEPRECATED: Alias for AssignLeftShiftExpr. */ -deprecated class AssignLShiftExpr = AssignLeftShiftExpr; - /** A compound assignment expression using the `>>=` operator. */ class AssignRightShiftExpr extends AssignOp, @assignrshiftexpr { override string getOp() { result = ">>=" } @@ -521,9 +518,6 @@ class AssignRightShiftExpr extends AssignOp, @assignrshiftexpr { override string getAPrimaryQlClass() { result = "AssignRightShiftExpr" } } -/** DEPRECATED: Alias for AssignRightShiftExpr. */ -deprecated class AssignRShiftExpr = AssignRightShiftExpr; - /** A compound assignment expression using the `>>>=` operator. */ class AssignUnsignedRightShiftExpr extends AssignOp, @assignurshiftexpr { override string getOp() { result = ">>>=" } @@ -531,9 +525,6 @@ class AssignUnsignedRightShiftExpr extends AssignOp, @assignurshiftexpr { override string getAPrimaryQlClass() { result = "AssignUnsignedRightShiftExpr" } } -/** DEPRECATED: Alias for AssignUnsignedRightShiftExpr. */ -deprecated class AssignURShiftExpr = AssignUnsignedRightShiftExpr; - /** A common super-class to represent constant literals. */ class Literal extends Expr, @literal { /** @@ -793,9 +784,6 @@ class LeftShiftExpr extends BinaryExpr, @lshiftexpr { override string getAPrimaryQlClass() { result = "LeftShiftExpr" } } -/** DEPRECATED: Alias for LeftShiftExpr. */ -deprecated class LShiftExpr = LeftShiftExpr; - /** A binary expression using the `>>` operator. */ class RightShiftExpr extends BinaryExpr, @rshiftexpr { override string getOp() { result = " >> " } @@ -803,9 +791,6 @@ class RightShiftExpr extends BinaryExpr, @rshiftexpr { override string getAPrimaryQlClass() { result = "RightShiftExpr" } } -/** DEPRECATED: Alias for RightShiftExpr. */ -deprecated class RShiftExpr = RightShiftExpr; - /** A binary expression using the `>>>` operator. */ class UnsignedRightShiftExpr extends BinaryExpr, @urshiftexpr { override string getOp() { result = " >>> " } @@ -813,9 +798,6 @@ class UnsignedRightShiftExpr extends BinaryExpr, @urshiftexpr { override string getAPrimaryQlClass() { result = "UnsignedRightShiftExpr" } } -/** DEPRECATED: Alias for UnsignedRightShiftExpr. */ -deprecated class URShiftExpr = UnsignedRightShiftExpr; - /** A binary expression using the `&` operator. */ class AndBitwiseExpr extends BinaryExpr, @andbitexpr { override string getOp() { result = " & " } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll index c3ba9fb0014c..04b058c75653 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll index c3ba9fb0014c..04b058c75653 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll index c3ba9fb0014c..04b058c75653 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll index c3ba9fb0014c..04b058c75653 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll index c3ba9fb0014c..04b058c75653 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll index c3ba9fb0014c..04b058c75653 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll b/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll index 7575ccb62135..a07d7c741faa 100644 --- a/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll +++ b/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll @@ -1162,14 +1162,6 @@ module Impl implements RegexTreeViewSig { root.getLiteral().isIgnoreCase() } - /** - * Gets the flags for `root`, or the empty string if `root` has no flags. - */ - additional deprecated string getFlags(RegExpTerm root) { - root.isRootTerm() and - result = root.getLiteral().getFlags() - } - /** * Holds if `root` has the `s` flag for multi-line matching. */ diff --git a/javascript/ql/lib/semmle/javascript/Concepts.qll b/javascript/ql/lib/semmle/javascript/Concepts.qll index 01970490374c..14102556a874 100644 --- a/javascript/ql/lib/semmle/javascript/Concepts.qll +++ b/javascript/ql/lib/semmle/javascript/Concepts.qll @@ -125,16 +125,7 @@ module Cryptography { * extend `CryptographicOperation::Range` instead. */ class CryptographicOperation extends SC::CryptographicOperation instanceof CryptographicOperation::Range - { - /** - * DEPRECATED. This predicate has been renamed to `getAnInput`. - * - * To implement `CryptographicOperation`, please extend - * `CryptographicOperation::Range` and implement `getAnInput` instead of - * extending this class directly. - */ - deprecated final DataFlow::Node getInput() { result = this.getAnInput() } - } + { } class EncryptionAlgorithm = SC::EncryptionAlgorithm; diff --git a/javascript/ql/lib/semmle/javascript/Regexp.qll b/javascript/ql/lib/semmle/javascript/Regexp.qll index 3c190af44764..27ad339c733e 100644 --- a/javascript/ql/lib/semmle/javascript/Regexp.qll +++ b/javascript/ql/lib/semmle/javascript/Regexp.qll @@ -1022,20 +1022,6 @@ predicate isInterpretedAsRegExp(DataFlow::Node source) { ) } -/** - * Provides utility predicates related to regular expressions. - */ -deprecated module RegExpPatterns { - /** - * Gets a pattern that matches common top-level domain names in lower case. - * DEPRECATED: use the similarly named predicate from `HostnameRegex` from the `regex` pack instead. - */ - deprecated string getACommonTld() { - // according to ranking by http://google.com/search?q=site:.<> - result = "(?:com|org|edu|gov|uk|net|io)(?![a-z0-9])" - } -} - /** * Gets a node whose value may flow (inter-procedurally) to `re`, where it is interpreted * as a part of a regular expression. diff --git a/javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll b/javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll deleted file mode 100644 index 0bc83143e8ca..000000000000 --- a/javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll +++ /dev/null @@ -1,8 +0,0 @@ -/** - * Provides predicates for reasoning about bad tag filter vulnerabilities. - */ - -private import regexp.RegExpTreeView::RegExpTreeView as TreeView -// BadTagFilterQuery should be used directly from the shared pack, and not from this file. -deprecated private import codeql.regex.nfa.BadTagFilterQuery::Make as Dep -import Dep diff --git a/javascript/ql/lib/semmle/javascript/security/OverlyLargeRangeQuery.qll b/javascript/ql/lib/semmle/javascript/security/OverlyLargeRangeQuery.qll deleted file mode 100644 index 2053afe95f8c..000000000000 --- a/javascript/ql/lib/semmle/javascript/security/OverlyLargeRangeQuery.qll +++ /dev/null @@ -1,8 +0,0 @@ -/** - * Classes and predicates for working with suspicious character ranges. - */ - -private import regexp.RegExpTreeView::RegExpTreeView as TreeView -// OverlyLargeRangeQuery should be used directly from the shared pack, and not from this file. -deprecated private import codeql.regex.OverlyLargeRangeQuery::Make as Dep -import Dep diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/RegexpMatching.qll b/javascript/ql/lib/semmle/javascript/security/regexp/RegexpMatching.qll deleted file mode 100644 index cfc0f4992406..000000000000 --- a/javascript/ql/lib/semmle/javascript/security/regexp/RegexpMatching.qll +++ /dev/null @@ -1,9 +0,0 @@ -/** - * Provides predicates for reasoning about which strings are matched by a regular expression, - * and for testing which capture groups are filled when a particular regexp matches a string. - */ - -private import RegExpTreeView::RegExpTreeView as TreeView -// RegexpMatching should be used directly from the shared pack, and not from this file. -deprecated private import codeql.regex.nfa.RegexpMatching::Make as Dep -import Dep diff --git a/javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll b/javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll deleted file mode 100644 index 524be45c6539..000000000000 --- a/javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll +++ /dev/null @@ -1,7 +0,0 @@ -/** - * Provides predicates for reasoning about regular expressions - * that match URLs and hostname patterns. - */ - -deprecated import semmle.javascript.security.regexp.HostnameRegexp as Dep -import Dep diff --git a/python/ql/lib/semmle/python/dataflow/new/Regexp.qll b/python/ql/lib/semmle/python/dataflow/new/Regexp.qll index e1f824b2935c..1f13b3847d7b 100644 --- a/python/ql/lib/semmle/python/dataflow/new/Regexp.qll +++ b/python/ql/lib/semmle/python/dataflow/new/Regexp.qll @@ -7,20 +7,6 @@ private import semmle.python.regex private import semmle.python.dataflow.new.DataFlow private import semmle.python.regexp.internal.RegExpTracking -/** - * Provides utility predicates related to regular expressions. - */ -deprecated module RegExpPatterns { - /** - * Gets a pattern that matches common top-level domain names in lower case. - * DEPRECATED: use the similarly named predicate from `HostnameRegex` from the `regex` pack instead. - */ - deprecated string getACommonTld() { - // according to ranking by http://google.com/search?q=site:.<> - result = "(?:com|org|edu|gov|uk|net|io)(?![a-z0-9])" - } -} - /** * A node whose value may flow to a position where it is interpreted * as a part of a regular expression. diff --git a/python/ql/src/Security/CWE-020/HostnameRegexpShared.qll b/python/ql/src/Security/CWE-020/HostnameRegexpShared.qll deleted file mode 100644 index d15714d406aa..000000000000 --- a/python/ql/src/Security/CWE-020/HostnameRegexpShared.qll +++ /dev/null @@ -1,8 +0,0 @@ -/** - * Provides predicates for reasoning about regular expressions - * that match URLs and hostname patterns. - */ - -// HostnameRegexp should be used directly from the shared regex pack, and not from this file. -deprecated private import semmle.python.security.regexp.HostnameRegex as Dep -import Dep diff --git a/ruby/ql/lib/codeql/ruby/Regexp.qll b/ruby/ql/lib/codeql/ruby/Regexp.qll index 1abcee8d2d16..41d01707fb1f 100644 --- a/ruby/ql/lib/codeql/ruby/Regexp.qll +++ b/ruby/ql/lib/codeql/ruby/Regexp.qll @@ -14,20 +14,6 @@ private import codeql.ruby.DataFlow private import codeql.ruby.ApiGraphs private import codeql.ruby.Concepts -/** - * Provides utility predicates related to regular expressions. - */ -deprecated module RegExpPatterns { - /** - * Gets a pattern that matches common top-level domain names in lower case. - * DEPRECATED: use the similarly named predicate from `HostnameRegex` from the `regex` pack instead. - */ - deprecated string getACommonTld() { - // according to ranking by http://google.com/search?q=site:.<> - result = "(?:com|org|edu|gov|uk|net|io)(?![a-z0-9])" - } -} - /** * A node whose value may flow to a position where it is interpreted * as a part of a regular expression. diff --git a/ruby/ql/src/queries/security/cwe-020/HostnameRegexpShared.qll b/ruby/ql/src/queries/security/cwe-020/HostnameRegexpShared.qll deleted file mode 100644 index dc3ed9aeaf77..000000000000 --- a/ruby/ql/src/queries/security/cwe-020/HostnameRegexpShared.qll +++ /dev/null @@ -1,8 +0,0 @@ -/** - * Provides predicates for reasoning about regular expressions - * that match URLs and hostname patterns. - */ - -// HostnameRegexp should be used directly from the shared regex pack, and not from this file. -deprecated import codeql.ruby.security.regexp.HostnameRegexp as Dep -import Dep From fb376a1cfdd8a502d97273062616fd8408cb8264 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Thu, 25 Apr 2024 22:31:11 +0200 Subject: [PATCH 06/30] revert the deletion of explorationLimit. It'll be deleted along with the entire class later --- .../semmle/code/java/dataflow/internal/DataFlowImpl1.qll | 8 ++++++++ .../semmle/code/java/dataflow/internal/DataFlowImpl2.qll | 8 ++++++++ .../semmle/code/java/dataflow/internal/DataFlowImpl3.qll | 8 ++++++++ .../semmle/code/java/dataflow/internal/DataFlowImpl4.qll | 8 ++++++++ .../semmle/code/java/dataflow/internal/DataFlowImpl5.qll | 8 ++++++++ .../semmle/code/java/dataflow/internal/DataFlowImpl6.qll | 8 ++++++++ 6 files changed, 48 insertions(+) diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll index 04b058c75653..c3ba9fb0014c 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll @@ -168,6 +168,14 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } + /** + * DEPRECATED: Use `FlowExploration` instead. + * + * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` + * measured in approximate number of interprocedural steps. + */ + deprecated int explorationLimit() { none() } + /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll index 04b058c75653..c3ba9fb0014c 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll @@ -168,6 +168,14 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } + /** + * DEPRECATED: Use `FlowExploration` instead. + * + * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` + * measured in approximate number of interprocedural steps. + */ + deprecated int explorationLimit() { none() } + /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll index 04b058c75653..c3ba9fb0014c 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll @@ -168,6 +168,14 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } + /** + * DEPRECATED: Use `FlowExploration` instead. + * + * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` + * measured in approximate number of interprocedural steps. + */ + deprecated int explorationLimit() { none() } + /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll index 04b058c75653..c3ba9fb0014c 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll @@ -168,6 +168,14 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } + /** + * DEPRECATED: Use `FlowExploration` instead. + * + * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` + * measured in approximate number of interprocedural steps. + */ + deprecated int explorationLimit() { none() } + /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll index 04b058c75653..c3ba9fb0014c 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll @@ -168,6 +168,14 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } + /** + * DEPRECATED: Use `FlowExploration` instead. + * + * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` + * measured in approximate number of interprocedural steps. + */ + deprecated int explorationLimit() { none() } + /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll index 04b058c75653..c3ba9fb0014c 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll @@ -168,6 +168,14 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } + /** + * DEPRECATED: Use `FlowExploration` instead. + * + * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` + * measured in approximate number of interprocedural steps. + */ + deprecated int explorationLimit() { none() } + /** * Holds if hidden nodes should be included in the data flow graph. * From e55f2c53092e4972f7020375e97c6dc9ee08fba8 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Fri, 26 Apr 2024 06:52:57 +0200 Subject: [PATCH 07/30] reinroduce `GLobalValueNumbering.qll`, that one was supposed to stay --- .../lib/semmle/code/cpp/valuenumbering/GlobalValueNumbering.qll | 1 + 1 file changed, 1 insertion(+) create mode 100644 cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumbering.qll diff --git a/cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumbering.qll b/cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumbering.qll new file mode 100644 index 000000000000..cb28edc07b99 --- /dev/null +++ b/cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumbering.qll @@ -0,0 +1 @@ +import semmle.code.cpp.ir.internal.ASTValueNumbering From 0468c5d0bf1f00d18aac583f9b293114380f2e55 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Fri, 26 Apr 2024 07:58:35 +0200 Subject: [PATCH 08/30] delete some tests of the old GVN library --- .../GlobalValueNumbering/ast_gvn.expected | 41 ------ .../GlobalValueNumbering/ast_gvn.ql | 11 -- .../ast_uniqueness.expected | 3 - .../GlobalValueNumbering/ast_uniqueness.ql | 8 -- .../diff_ir_expr.expected | 130 ------------------ .../GlobalValueNumbering/diff_ir_expr.ql | 15 -- 6 files changed, 208 deletions(-) delete mode 100644 cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_gvn.expected delete mode 100644 cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_gvn.ql delete mode 100644 cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_uniqueness.expected delete mode 100644 cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_uniqueness.ql delete mode 100644 cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/diff_ir_expr.expected delete mode 100644 cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/diff_ir_expr.ql diff --git a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_gvn.expected b/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_gvn.expected deleted file mode 100644 index 69c21b5e0b1d..000000000000 --- a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_gvn.expected +++ /dev/null @@ -1,41 +0,0 @@ -WARNING: Type GVN has been deprecated and may be removed in future (ast_gvn.ql:4,6-9) -| test.cpp:5:3:5:3 | x | 5:c3-c3 6:c3-c3 | -| test.cpp:5:7:5:8 | p0 | 5:c7-c8 6:c7-c8 | -| test.cpp:5:7:5:13 | ... + ... | 5:c7-c13 6:c7-c13 7:c7-c7 | -| test.cpp:5:12:5:13 | p1 | 5:c12-c13 6:c12-c13 | -| test.cpp:16:3:16:3 | x | 16:c3-c3 17:c3-c3 | -| test.cpp:16:7:16:8 | p0 | 16:c7-c8 17:c7-c8 | -| test.cpp:16:7:16:13 | ... + ... | 16:c7-c13 17:c7-c13 | -| test.cpp:16:7:16:24 | ... + ... | 16:c7-c24 17:c7-c24 18:c7-c7 | -| test.cpp:16:12:16:13 | p1 | 16:c12-c13 17:c12-c13 | -| test.cpp:16:17:16:24 | global01 | 16:c17-c24 17:c17-c24 | -| test.cpp:29:7:29:8 | p0 | 29:c7-c8 31:c7-c8 | -| test.cpp:29:7:29:13 | ... + ... | 29:c7-c13 31:c7-c13 | -| test.cpp:29:12:29:13 | p1 | 29:c12-c13 31:c12-c13 | -| test.cpp:31:7:31:24 | ... + ... | 31:c7-c24 32:c7-c7 | -| test.cpp:43:7:43:8 | p0 | 43:c7-c8 45:c7-c8 | -| test.cpp:43:7:43:13 | ... + ... | 43:c7-c13 45:c7-c13 | -| test.cpp:43:12:43:13 | p1 | 43:c12-c13 45:c12-c13 | -| test.cpp:44:9:44:9 | 0 | 44:c9-c9 51:c25-c25 53:c18-c21 56:c39-c42 59:c17-c20 88:c12-c12 | -| test.cpp:45:7:45:24 | ... + ... | 45:c7-c24 46:c7-c7 | -| test.cpp:53:10:53:13 | (int)... | 53:c10-c13 56:c21-c24 | -| test.cpp:53:10:53:13 | * ... | 53:c10-c13 56:c21-c24 | -| test.cpp:53:11:53:13 | str | 53:c11-c13 56:c22-c24 | -| test.cpp:53:18:53:21 | 0 | 53:c18-c21 56:c39-c42 59:c17-c20 | -| test.cpp:56:13:56:16 | (int)... | 56:c13-c16 56:c31-c34 59:c9-c12 | -| test.cpp:56:13:56:16 | * ... | 56:c13-c16 56:c31-c34 59:c9-c12 | -| test.cpp:56:14:56:16 | ptr | 56:c14-c16 56:c32-c34 56:c47-c49 59:c10-c12 | -| test.cpp:62:5:62:10 | result | 62:c5-c10 65:c10-c15 | -| test.cpp:77:20:77:30 | (signed short)... | 77:c20-c30 79:c7-c7 | -| test.cpp:79:11:79:14 | vals | 79:c11-c14 79:c24-c27 | -| test.cpp:105:11:105:12 | (Base *)... | 105:c11-c12 106:c14-c35 107:c11-c12 | -| test.cpp:105:11:105:12 | pd | 105:c11-c12 106:c33-c34 | -| test.cpp:105:15:105:15 | b | 105:c15-c15 107:c15-c15 109:c10-c10 | -| test.cpp:125:11:125:12 | pa | 125:c11-c12 126:c11-c12 128:c3-c4 129:c11-c12 | -| test.cpp:125:15:125:15 | x | 125:c15-c15 126:c15-c15 128:c7-c7 | -| test.cpp:136:11:136:18 | global_a | 136:c11-c18 137:c11-c18 139:c3-c10 | -| test.cpp:136:21:136:21 | x | 136:c21-c21 137:c21-c21 139:c13-c13 | -| test.cpp:144:11:144:12 | pa | 144:c11-c12 145:c11-c12 147:c3-c4 149:c11-c12 | -| test.cpp:145:15:145:15 | y | 145:c15-c15 147:c7-c7 | -| test.cpp:153:11:153:18 | global_a | 153:c11-c18 154:c11-c18 156:c3-c10 | -| test.cpp:153:21:153:21 | x | 153:c21-c21 154:c21-c21 | diff --git a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_gvn.ql b/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_gvn.ql deleted file mode 100644 index 84d0a7b3672d..000000000000 --- a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_gvn.ql +++ /dev/null @@ -1,11 +0,0 @@ -import cpp -import semmle.code.cpp.valuenumbering.GlobalValueNumberingImpl - -from GVN g -where strictcount(g.getAnExpr()) > 1 -select g, - strictconcat(Location loc | - loc = g.getAnExpr().getLocation() - | - loc.getStartLine() + ":c" + loc.getStartColumn() + "-c" + loc.getEndColumn(), " " - ) diff --git a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_uniqueness.expected b/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_uniqueness.expected deleted file mode 100644 index d94d58ad5eac..000000000000 --- a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_uniqueness.expected +++ /dev/null @@ -1,3 +0,0 @@ -WARNING: Predicate globalValueNumber has been deprecated and may be removed in future (ast_uniqueness.ql:7,13-30) -WARNING: Predicate globalValueNumber has been deprecated and may be removed in future (ast_uniqueness.ql:8,30-47) -WARNING: Type GVN has been deprecated and may be removed in future (ast_uniqueness.ql:8,18-21) diff --git a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_uniqueness.ql b/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_uniqueness.ql deleted file mode 100644 index bc6dbf94bf7c..000000000000 --- a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_uniqueness.ql +++ /dev/null @@ -1,8 +0,0 @@ -import cpp -import semmle.code.cpp.valuenumbering.GlobalValueNumberingImpl - -// Every expression should have exactly one GVN. -// So this query should have zero results. -from Expr e -where count(globalValueNumber(e)) != 1 -select e, concat(GVN g | g = globalValueNumber(e) | g.getKind(), ", ") diff --git a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/diff_ir_expr.expected b/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/diff_ir_expr.expected deleted file mode 100644 index 810c83f197f9..000000000000 --- a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/diff_ir_expr.expected +++ /dev/null @@ -1,130 +0,0 @@ -WARNING: Predicate globalValueNumber has been deprecated and may be removed in future (diff_ir_expr.ql:8,29-51) -| test.cpp:5:3:5:13 | ... = ... | test.cpp:5:3:5:13 | ... = ... | AST only | -| test.cpp:6:3:6:13 | ... = ... | test.cpp:6:3:6:13 | ... = ... | AST only | -| test.cpp:7:3:7:7 | ... = ... | test.cpp:7:3:7:7 | ... = ... | AST only | -| test.cpp:16:3:16:24 | ... = ... | test.cpp:16:3:16:24 | ... = ... | AST only | -| test.cpp:17:3:17:24 | ... = ... | test.cpp:17:3:17:24 | ... = ... | AST only | -| test.cpp:18:3:18:7 | ... = ... | test.cpp:18:3:18:7 | ... = ... | AST only | -| test.cpp:29:3:29:3 | x | test.cpp:31:3:31:3 | x | IR only | -| test.cpp:29:3:29:24 | ... = ... | test.cpp:29:3:29:24 | ... = ... | AST only | -| test.cpp:30:3:30:17 | call to change_global02 | test.cpp:30:3:30:17 | call to change_global02 | AST only | -| test.cpp:31:3:31:3 | x | test.cpp:29:3:29:3 | x | IR only | -| test.cpp:31:3:31:24 | ... = ... | test.cpp:31:3:31:24 | ... = ... | AST only | -| test.cpp:32:3:32:7 | ... = ... | test.cpp:32:3:32:7 | ... = ... | AST only | -| test.cpp:43:3:43:3 | x | test.cpp:45:3:45:3 | x | IR only | -| test.cpp:43:3:43:24 | ... = ... | test.cpp:43:3:43:24 | ... = ... | AST only | -| test.cpp:43:7:43:24 | ... + ... | test.cpp:45:7:45:24 | ... + ... | IR only | -| test.cpp:43:7:43:24 | ... + ... | test.cpp:46:7:46:7 | x | IR only | -| test.cpp:43:17:43:24 | global03 | test.cpp:45:17:45:24 | global03 | IR only | -| test.cpp:44:3:44:5 | * ... | test.cpp:44:4:44:5 | p2 | IR only | -| test.cpp:44:3:44:9 | ... = ... | test.cpp:44:3:44:9 | ... = ... | AST only | -| test.cpp:44:4:44:5 | p2 | test.cpp:44:3:44:5 | * ... | IR only | -| test.cpp:44:9:44:9 | 0 | test.cpp:51:25:51:25 | 0 | AST only | -| test.cpp:44:9:44:9 | 0 | test.cpp:53:18:53:21 | (int)... | AST only | -| test.cpp:44:9:44:9 | 0 | test.cpp:56:39:56:42 | (int)... | AST only | -| test.cpp:44:9:44:9 | 0 | test.cpp:59:17:59:20 | (int)... | AST only | -| test.cpp:44:9:44:9 | 0 | test.cpp:88:12:88:12 | 0 | AST only | -| test.cpp:45:3:45:3 | x | test.cpp:43:3:43:3 | x | IR only | -| test.cpp:45:3:45:24 | ... = ... | test.cpp:45:3:45:24 | ... = ... | AST only | -| test.cpp:45:7:45:24 | ... + ... | test.cpp:43:7:43:24 | ... + ... | IR only | -| test.cpp:45:17:45:24 | global03 | test.cpp:43:17:43:24 | global03 | IR only | -| test.cpp:46:3:46:7 | ... = ... | test.cpp:46:3:46:7 | ... = ... | AST only | -| test.cpp:46:7:46:7 | x | test.cpp:43:7:43:24 | ... + ... | IR only | -| test.cpp:51:25:51:25 | 0 | test.cpp:44:9:44:9 | 0 | AST only | -| test.cpp:51:25:51:25 | 0 | test.cpp:53:18:53:21 | (int)... | AST only | -| test.cpp:51:25:51:25 | 0 | test.cpp:56:39:56:42 | (int)... | AST only | -| test.cpp:51:25:51:25 | 0 | test.cpp:59:17:59:20 | (int)... | AST only | -| test.cpp:51:25:51:25 | 0 | test.cpp:88:12:88:12 | 0 | AST only | -| test.cpp:51:25:51:25 | (unsigned int)... | test.cpp:51:25:51:25 | (unsigned int)... | AST only | -| test.cpp:53:10:53:13 | (int)... | test.cpp:53:10:53:13 | (int)... | AST only | -| test.cpp:53:10:53:13 | (int)... | test.cpp:56:21:56:24 | (int)... | AST only | -| test.cpp:53:18:53:21 | (int)... | test.cpp:44:9:44:9 | 0 | AST only | -| test.cpp:53:18:53:21 | (int)... | test.cpp:51:25:51:25 | 0 | AST only | -| test.cpp:53:18:53:21 | (int)... | test.cpp:53:18:53:21 | (int)... | AST only | -| test.cpp:53:18:53:21 | (int)... | test.cpp:56:39:56:42 | (int)... | AST only | -| test.cpp:53:18:53:21 | (int)... | test.cpp:59:17:59:20 | (int)... | AST only | -| test.cpp:53:18:53:21 | (int)... | test.cpp:88:12:88:12 | 0 | AST only | -| test.cpp:55:5:55:15 | ... = ... | test.cpp:55:5:55:15 | ... = ... | AST only | -| test.cpp:56:12:56:25 | (...) | test.cpp:56:12:56:25 | (...) | AST only | -| test.cpp:56:12:56:43 | ... && ... | test.cpp:56:12:56:43 | ... && ... | AST only | -| test.cpp:56:13:56:16 | (int)... | test.cpp:56:13:56:16 | (int)... | AST only | -| test.cpp:56:13:56:16 | (int)... | test.cpp:56:31:56:34 | (int)... | AST only | -| test.cpp:56:13:56:16 | (int)... | test.cpp:59:9:59:12 | (int)... | AST only | -| test.cpp:56:21:56:24 | (int)... | test.cpp:53:10:53:13 | (int)... | AST only | -| test.cpp:56:21:56:24 | (int)... | test.cpp:56:21:56:24 | (int)... | AST only | -| test.cpp:56:30:56:43 | (...) | test.cpp:56:30:56:43 | (...) | AST only | -| test.cpp:56:31:56:34 | (int)... | test.cpp:56:13:56:16 | (int)... | AST only | -| test.cpp:56:31:56:34 | (int)... | test.cpp:56:31:56:34 | (int)... | AST only | -| test.cpp:56:31:56:34 | (int)... | test.cpp:59:9:59:12 | (int)... | AST only | -| test.cpp:56:39:56:42 | (int)... | test.cpp:44:9:44:9 | 0 | AST only | -| test.cpp:56:39:56:42 | (int)... | test.cpp:51:25:51:25 | 0 | AST only | -| test.cpp:56:39:56:42 | (int)... | test.cpp:53:18:53:21 | (int)... | AST only | -| test.cpp:56:39:56:42 | (int)... | test.cpp:56:39:56:42 | (int)... | AST only | -| test.cpp:56:39:56:42 | (int)... | test.cpp:59:17:59:20 | (int)... | AST only | -| test.cpp:56:39:56:42 | (int)... | test.cpp:88:12:88:12 | 0 | AST only | -| test.cpp:56:47:56:51 | ... ++ | test.cpp:56:47:56:51 | ... ++ | AST only | -| test.cpp:59:9:59:12 | (int)... | test.cpp:56:13:56:16 | (int)... | AST only | -| test.cpp:59:9:59:12 | (int)... | test.cpp:56:31:56:34 | (int)... | AST only | -| test.cpp:59:9:59:12 | (int)... | test.cpp:59:9:59:12 | (int)... | AST only | -| test.cpp:59:17:59:20 | (int)... | test.cpp:44:9:44:9 | 0 | AST only | -| test.cpp:59:17:59:20 | (int)... | test.cpp:51:25:51:25 | 0 | AST only | -| test.cpp:59:17:59:20 | (int)... | test.cpp:53:18:53:21 | (int)... | AST only | -| test.cpp:59:17:59:20 | (int)... | test.cpp:56:39:56:42 | (int)... | AST only | -| test.cpp:59:17:59:20 | (int)... | test.cpp:59:17:59:20 | (int)... | AST only | -| test.cpp:59:17:59:20 | (int)... | test.cpp:88:12:88:12 | 0 | AST only | -| test.cpp:62:5:62:12 | ... ++ | test.cpp:62:5:62:12 | ... ++ | AST only | -| test.cpp:77:20:77:28 | call to getAValue | test.cpp:79:7:79:7 | v | IR only | -| test.cpp:77:20:77:30 | (signed short)... | test.cpp:77:20:77:30 | (signed short)... | AST only | -| test.cpp:77:20:77:30 | (signed short)... | test.cpp:79:7:79:7 | v | AST only | -| test.cpp:79:7:79:7 | (int)... | test.cpp:79:7:79:7 | (int)... | AST only | -| test.cpp:79:7:79:7 | v | test.cpp:77:20:77:28 | call to getAValue | IR only | -| test.cpp:79:7:79:7 | v | test.cpp:77:20:77:30 | (signed short)... | AST only | -| test.cpp:79:11:79:20 | (int)... | test.cpp:79:11:79:20 | (int)... | AST only | -| test.cpp:79:24:79:33 | (int)... | test.cpp:79:24:79:33 | (int)... | AST only | -| test.cpp:80:5:80:19 | ... = ... | test.cpp:80:5:80:19 | ... = ... | AST only | -| test.cpp:80:9:80:19 | (signed short)... | test.cpp:80:9:80:19 | (signed short)... | AST only | -| test.cpp:88:3:88:20 | ... = ... | test.cpp:88:3:88:20 | ... = ... | AST only | -| test.cpp:88:12:88:12 | 0 | test.cpp:44:9:44:9 | 0 | AST only | -| test.cpp:88:12:88:12 | 0 | test.cpp:51:25:51:25 | 0 | AST only | -| test.cpp:88:12:88:12 | 0 | test.cpp:53:18:53:21 | (int)... | AST only | -| test.cpp:88:12:88:12 | 0 | test.cpp:56:39:56:42 | (int)... | AST only | -| test.cpp:88:12:88:12 | 0 | test.cpp:59:17:59:20 | (int)... | AST only | -| test.cpp:88:12:88:12 | (void *)... | test.cpp:88:12:88:12 | (void *)... | AST only | -| test.cpp:92:11:92:16 | ... = ... | test.cpp:92:15:92:16 | 10 | IR only | -| test.cpp:92:11:92:16 | ... = ... | test.cpp:93:10:93:10 | x | IR only | -| test.cpp:92:15:92:16 | 10 | test.cpp:92:11:92:16 | ... = ... | IR only | -| test.cpp:92:15:92:16 | 10 | test.cpp:93:10:93:10 | x | IR only | -| test.cpp:93:10:93:10 | x | test.cpp:92:11:92:16 | ... = ... | IR only | -| test.cpp:93:10:93:10 | x | test.cpp:92:15:92:16 | 10 | IR only | -| test.cpp:105:11:105:12 | (Base *)... | test.cpp:105:11:105:12 | (Base *)... | AST only | -| test.cpp:105:11:105:12 | (Base *)... | test.cpp:106:14:106:35 | static_cast... | AST only | -| test.cpp:105:11:105:12 | (Base *)... | test.cpp:107:11:107:12 | pb | AST only | -| test.cpp:105:11:105:12 | pd | test.cpp:107:11:107:12 | pb | IR only | -| test.cpp:106:14:106:35 | static_cast... | test.cpp:105:11:105:12 | (Base *)... | AST only | -| test.cpp:106:14:106:35 | static_cast... | test.cpp:106:14:106:35 | static_cast... | AST only | -| test.cpp:106:14:106:35 | static_cast... | test.cpp:107:11:107:12 | pb | AST only | -| test.cpp:106:33:106:34 | pd | test.cpp:107:11:107:12 | pb | IR only | -| test.cpp:107:11:107:12 | pb | test.cpp:105:11:105:12 | (Base *)... | AST only | -| test.cpp:107:11:107:12 | pb | test.cpp:105:11:105:12 | pd | IR only | -| test.cpp:107:11:107:12 | pb | test.cpp:106:14:106:35 | static_cast... | AST only | -| test.cpp:107:11:107:12 | pb | test.cpp:106:33:106:34 | pd | IR only | -| test.cpp:113:3:113:5 | a | test.cpp:115:3:115:5 | a | IR only | -| test.cpp:115:3:115:5 | a | test.cpp:113:3:113:5 | a | IR only | -| test.cpp:125:15:125:15 | x | test.cpp:128:7:128:7 | x | AST only | -| test.cpp:126:15:126:15 | x | test.cpp:128:7:128:7 | x | AST only | -| test.cpp:128:3:128:11 | ... = ... | test.cpp:128:3:128:11 | ... = ... | AST only | -| test.cpp:128:7:128:7 | x | test.cpp:125:15:125:15 | x | AST only | -| test.cpp:128:7:128:7 | x | test.cpp:126:15:126:15 | x | AST only | -| test.cpp:128:11:128:11 | n | test.cpp:129:15:129:15 | x | IR only | -| test.cpp:129:15:129:15 | x | test.cpp:128:11:128:11 | n | IR only | -| test.cpp:136:21:136:21 | x | test.cpp:139:13:139:13 | x | AST only | -| test.cpp:137:21:137:21 | x | test.cpp:139:13:139:13 | x | AST only | -| test.cpp:139:3:139:24 | ... = ... | test.cpp:139:3:139:24 | ... = ... | AST only | -| test.cpp:139:13:139:13 | x | test.cpp:136:21:136:21 | x | AST only | -| test.cpp:139:13:139:13 | x | test.cpp:137:21:137:21 | x | AST only | -| test.cpp:144:15:144:15 | x | test.cpp:149:15:149:15 | x | IR only | -| test.cpp:145:15:145:15 | y | test.cpp:147:7:147:7 | y | AST only | -| test.cpp:147:3:147:18 | ... = ... | test.cpp:147:3:147:18 | ... = ... | AST only | -| test.cpp:147:7:147:7 | y | test.cpp:145:15:145:15 | y | AST only | -| test.cpp:149:15:149:15 | x | test.cpp:144:15:144:15 | x | IR only | -| test.cpp:156:3:156:17 | ... = ... | test.cpp:156:3:156:17 | ... = ... | AST only | diff --git a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/diff_ir_expr.ql b/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/diff_ir_expr.ql deleted file mode 100644 index 7b897f39dbd9..000000000000 --- a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/diff_ir_expr.ql +++ /dev/null @@ -1,15 +0,0 @@ -import cpp -import semmle.code.cpp.valuenumbering.GlobalValueNumberingImpl as AST -import semmle.code.cpp.ir.internal.ASTValueNumbering as IR -import semmle.code.cpp.ir.IR - -Expr ir(Expr e) { result = IR::globalValueNumber(e).getAnExpr() } - -Expr ast(Expr e) { result = AST::globalValueNumber(e).getAnExpr() } - -from Expr e, Expr evn, string note -where - evn = ast(e) and not evn = ir(e) and note = "AST only" - or - evn = ir(e) and not evn = ast(e) and note = "IR only" -select e, evn, note From 14d88eb3ce7b7bf99ead67688791ea415d465630 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Fri, 26 Apr 2024 12:56:28 +0200 Subject: [PATCH 09/30] add change-notes --- cpp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md | 4 ++++ .../ql/lib/change-notes/2024-04-26-outdated-deprecations.md | 6 ++++++ go/ql/lib/change-notes/2024-04-26-outdated-deprecations.md | 4 ++++ .../ql/lib/change-notes/2024-04-26-outdated-deprecations.md | 4 ++++ .../ql/lib/change-notes/2024-04-26-outdated-deprecations.md | 6 ++++++ .../ql/lib/change-notes/2024-04-26-outdated-deprecations.md | 5 +++++ .../ql/lib/change-notes/2024-04-26-outdated-deprecations.md | 5 +++++ 7 files changed, 34 insertions(+) create mode 100644 cpp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md create mode 100644 csharp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md create mode 100644 go/ql/lib/change-notes/2024-04-26-outdated-deprecations.md create mode 100644 java/ql/lib/change-notes/2024-04-26-outdated-deprecations.md create mode 100644 javascript/ql/lib/change-notes/2024-04-26-outdated-deprecations.md create mode 100644 python/ql/lib/change-notes/2024-04-26-outdated-deprecations.md create mode 100644 ruby/ql/lib/change-notes/2024-04-26-outdated-deprecations.md diff --git a/cpp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md b/cpp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md new file mode 100644 index 000000000000..61a02a9613d4 --- /dev/null +++ b/cpp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Deleted the deprecated `GlobalValueNumberingImpl.qll` implementation. diff --git a/csharp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md b/csharp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md new file mode 100644 index 000000000000..2ac740557260 --- /dev/null +++ b/csharp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md @@ -0,0 +1,6 @@ +--- +category: minorAnalysis +--- +* Deleted the deprecated `getAssemblyName` predicate from the `Operator` class. Use `getFunctionName` instead. +* Deleted the deprecated `LShiftOperator`, `RShiftOperator`, `AssignLShiftExpr`, `AssignRShiftExpr`, `LShiftExpr`, and `RShiftExpr` aliases. +* Deleted the deprecated `getCallableDescription` predicate from the `ExternalApiDataNode` class. Use `hasQualifiedName` instead. \ No newline at end of file diff --git a/go/ql/lib/change-notes/2024-04-26-outdated-deprecations.md b/go/ql/lib/change-notes/2024-04-26-outdated-deprecations.md new file mode 100644 index 000000000000..6723f78df122 --- /dev/null +++ b/go/ql/lib/change-notes/2024-04-26-outdated-deprecations.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Deleted the deprecated `CsvRemoteSource` alias. Use `MaDRemoteSource` instead. \ No newline at end of file diff --git a/java/ql/lib/change-notes/2024-04-26-outdated-deprecations.md b/java/ql/lib/change-notes/2024-04-26-outdated-deprecations.md new file mode 100644 index 000000000000..de3190492d39 --- /dev/null +++ b/java/ql/lib/change-notes/2024-04-26-outdated-deprecations.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Deleted the deprecated `AssignLShiftExpr`, `AssignRShiftExpr`, `AssignURShiftExpr`, `LShiftExpr`, `RShiftExpr`, and `URShiftExpr` aliases. diff --git a/javascript/ql/lib/change-notes/2024-04-26-outdated-deprecations.md b/javascript/ql/lib/change-notes/2024-04-26-outdated-deprecations.md new file mode 100644 index 000000000000..36444c07ac77 --- /dev/null +++ b/javascript/ql/lib/change-notes/2024-04-26-outdated-deprecations.md @@ -0,0 +1,6 @@ +--- +category: minorAnalysis +--- +* Deleted the deprecated `getInput` predicate from the `CryptographicOperation` class. Use `getAnInput` instead. +* Deleted the deprecated `RegExpPatterns` module from `Regexp.qll`. +* Deleted the deprecated `semmle/javascript/security/BadTagFilterQuery.qll`, `semmle/javascript/security/OverlyLargeRangeQuery.qll`, `semmle/javascript/security/regexp/RegexpMatching.qll`, and `Security/CWE-020/HostnameRegexpShared.qll` files. \ No newline at end of file diff --git a/python/ql/lib/change-notes/2024-04-26-outdated-deprecations.md b/python/ql/lib/change-notes/2024-04-26-outdated-deprecations.md new file mode 100644 index 000000000000..469060fd5be5 --- /dev/null +++ b/python/ql/lib/change-notes/2024-04-26-outdated-deprecations.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- +* Deleted the deprecated `RegExpPatterns` module from `Regexp.qll`. +* Deleted the deprecated `Security/CWE-020/HostnameRegexpShared.qll` file. \ No newline at end of file diff --git a/ruby/ql/lib/change-notes/2024-04-26-outdated-deprecations.md b/ruby/ql/lib/change-notes/2024-04-26-outdated-deprecations.md new file mode 100644 index 000000000000..1ad9ef373827 --- /dev/null +++ b/ruby/ql/lib/change-notes/2024-04-26-outdated-deprecations.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- +* Deleted the deprecated `RegExpPatterns` module from `Regexp.qll`. +* Deleted the deprecated `security/cwe-020/HostnameRegexpShared.qll` file. \ No newline at end of file From 2482519cd3c9b9bd6a17216bed2f86d1a98f6450 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 26 Apr 2024 13:09:59 +0100 Subject: [PATCH 10/30] DataFlow: Cached second level scope. --- shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll | 5 +++-- .../dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll | 3 +++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll index de9f718b347c..10c7efdf045f 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll @@ -1119,9 +1119,10 @@ module MakeImpl Lang> { pragma[nomagic] private SndLevelScopeOption getScope(RetNodeEx ret) { - result = SndLevelScopeOption::some(getSecondLevelScope(ret.asNode())) + result = SndLevelScopeOption::some(getSecondLevelScopeCached(ret.asNode())) or - result instanceof SndLevelScopeOption::None and not exists(getSecondLevelScope(ret.asNode())) + result instanceof SndLevelScopeOption::None and + not exists(getSecondLevelScopeCached(ret.asNode())) } pragma[nomagic] diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll index 38c3bba3254f..9524ca9d9aba 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll @@ -616,6 +616,9 @@ module MakeImplCommon Lang> { cached predicate forceCachingInSameStage() { any() } + cached + DataFlowSecondLevelScope getSecondLevelScopeCached(Node n) { result = getSecondLevelScope(n) } + cached predicate nodeEnclosingCallable(Node n, DataFlowCallable c) { c = nodeGetEnclosingCallable(n) } From 4f46ce1133e9d367d1fb04b89741ff4ed1f5b06f Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Tue, 9 Apr 2024 11:08:56 +0200 Subject: [PATCH 11/30] Python: add test for `Argument[0, self, self:]` for instance methods --- .../model-summaries/InlineTaintTest.ext.yml | 3 +++ .../model-summaries/NormalDataflowTest.ext.yml | 3 +++ .../dataflow/model-summaries/model_summaries.py | 15 +++++++++++++++ 3 files changed, 21 insertions(+) diff --git a/python/ql/test/library-tests/dataflow/model-summaries/InlineTaintTest.ext.yml b/python/ql/test/library-tests/dataflow/model-summaries/InlineTaintTest.ext.yml index 10fbd6df7448..0ed4ca9f172d 100644 --- a/python/ql/test/library-tests/dataflow/model-summaries/InlineTaintTest.ext.yml +++ b/python/ql/test/library-tests/dataflow/model-summaries/InlineTaintTest.ext.yml @@ -18,4 +18,7 @@ extensions: - ["foo", "Member[MS_spread]", "Argument[0]", "ReturnValue.TupleElement[0]", "value"] - ["foo", "Member[MS_spread]", "Argument[1]", "ReturnValue.TupleElement[1]", "value"] - ["foo", "Member[MS_spread_all]", "Argument[0]", "ReturnValue.TupleElement[0,1]", "value"] + - ["foo", "Member[MS_Class].Instance.Member[instance_method]", "Argument[self]", "ReturnValue.TupleElement[0]", "value"] + - ["foo", "Member[MS_Class].Instance.Member[instance_method]", "Argument[0]", "ReturnValue.TupleElement[1]", "value"] + - ["foo", "Member[MS_Class].Instance.Member[explicit_self]", "Argument[self:]", "ReturnValue", "value"] - ["json", "Member[MS_loads]", "Argument[0]", "ReturnValue", "taint"] diff --git a/python/ql/test/library-tests/dataflow/model-summaries/NormalDataflowTest.ext.yml b/python/ql/test/library-tests/dataflow/model-summaries/NormalDataflowTest.ext.yml index 10fbd6df7448..0ed4ca9f172d 100644 --- a/python/ql/test/library-tests/dataflow/model-summaries/NormalDataflowTest.ext.yml +++ b/python/ql/test/library-tests/dataflow/model-summaries/NormalDataflowTest.ext.yml @@ -18,4 +18,7 @@ extensions: - ["foo", "Member[MS_spread]", "Argument[0]", "ReturnValue.TupleElement[0]", "value"] - ["foo", "Member[MS_spread]", "Argument[1]", "ReturnValue.TupleElement[1]", "value"] - ["foo", "Member[MS_spread_all]", "Argument[0]", "ReturnValue.TupleElement[0,1]", "value"] + - ["foo", "Member[MS_Class].Instance.Member[instance_method]", "Argument[self]", "ReturnValue.TupleElement[0]", "value"] + - ["foo", "Member[MS_Class].Instance.Member[instance_method]", "Argument[0]", "ReturnValue.TupleElement[1]", "value"] + - ["foo", "Member[MS_Class].Instance.Member[explicit_self]", "Argument[self:]", "ReturnValue", "value"] - ["json", "Member[MS_loads]", "Argument[0]", "ReturnValue", "taint"] diff --git a/python/ql/test/library-tests/dataflow/model-summaries/model_summaries.py b/python/ql/test/library-tests/dataflow/model-summaries/model_summaries.py index 17f831f6ed12..745a0e64a5b3 100644 --- a/python/ql/test/library-tests/dataflow/model-summaries/model_summaries.py +++ b/python/ql/test/library-tests/dataflow/model-summaries/model_summaries.py @@ -122,6 +122,21 @@ def explicit_identity(x): SINK(a) # $ flow="SOURCE, l:-1 -> a" SINK(b) # $ flow="SOURCE, l:-2 -> b" +from foo import MS_Class + +c = MS_Class() +a, b = c.instance_method(SOURCE) +SINK_F(a) +SINK(b) # $ flow="SOURCE, l:-2 -> b" + +m = c.instance_method +x, y = (SOURCE, NONSOURCE) +SINK(x) # $ flow="SOURCE, l:-1 -> x" +SINK_F(y) + +ms = c.explicit_self +SINK(ms(SOURCE)) # $ MISSING: flow="SOURCE, l:0 -> ms(SOURCE)" + # Modeled flow-summary is not value preserving from json import MS_loads as json_loads From 9f7edf378e07a18a891dae2bd8ba207d8779ce06 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Tue, 23 Apr 2024 11:13:08 +0200 Subject: [PATCH 12/30] Python: fix tests The way to expose the `self` arguemnt is to call an instance method on the class, not on the instance... --- .../dataflow/model-summaries/model_summaries.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/python/ql/test/library-tests/dataflow/model-summaries/model_summaries.py b/python/ql/test/library-tests/dataflow/model-summaries/model_summaries.py index 745a0e64a5b3..295a7ca89c54 100644 --- a/python/ql/test/library-tests/dataflow/model-summaries/model_summaries.py +++ b/python/ql/test/library-tests/dataflow/model-summaries/model_summaries.py @@ -129,13 +129,13 @@ def explicit_identity(x): SINK_F(a) SINK(b) # $ flow="SOURCE, l:-2 -> b" -m = c.instance_method -x, y = (SOURCE, NONSOURCE) -SINK(x) # $ flow="SOURCE, l:-1 -> x" +# call the instance method on the class to expose the self argument +x, y = MS_Class.instance_method(SOURCE, NONSOURCE) +SINK(x) # $ MISSING: flow="SOURCE, l:-1 -> x" SINK_F(y) -ms = c.explicit_self -SINK(ms(SOURCE)) # $ MISSING: flow="SOURCE, l:0 -> ms(SOURCE)" +# call the instance method on the class to expose the self argument +SINK(MS_Class.explicit_self(SOURCE)) # $ MISSING: flow="SOURCE, l:0 -> ms(SOURCE)" # Modeled flow-summary is not value preserving from json import MS_loads as json_loads From 3716b8c6a04f7bf6f5dd06f52620448be401c592 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Tue, 23 Apr 2024 15:05:32 +0200 Subject: [PATCH 13/30] Python: update test to reflect correct behaviour also add comments --- .../dataflow/model-summaries/model_summaries.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/python/ql/test/library-tests/dataflow/model-summaries/model_summaries.py b/python/ql/test/library-tests/dataflow/model-summaries/model_summaries.py index 295a7ca89c54..46b3d6a4db85 100644 --- a/python/ql/test/library-tests/dataflow/model-summaries/model_summaries.py +++ b/python/ql/test/library-tests/dataflow/model-summaries/model_summaries.py @@ -129,13 +129,16 @@ def explicit_identity(x): SINK_F(a) SINK(b) # $ flow="SOURCE, l:-2 -> b" -# call the instance method on the class to expose the self argument +# Call the instance method on the class to expose the self argument x, y = MS_Class.instance_method(SOURCE, NONSOURCE) SINK(x) # $ MISSING: flow="SOURCE, l:-1 -> x" SINK_F(y) -# call the instance method on the class to expose the self argument -SINK(MS_Class.explicit_self(SOURCE)) # $ MISSING: flow="SOURCE, l:0 -> ms(SOURCE)" +# Call the instance method on the class to expose the self argument +# That self argument is not referenced by `Argument[self:]` +SINK_F(MS_Class.explicit_self(SOURCE)) +# Instead, `Argument[self:]` refers to a keyword argument named `self` (which you are allowed to do in Python) +SINK(c.explicit_self(self = SOURCE)) # $ flow="SOURCE -> c.explicit_self(..)" # Modeled flow-summary is not value preserving from json import MS_loads as json_loads From 54cadcfe9be7144c66f00f68640debcaa10fd240 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 26 Apr 2024 13:44:45 +0100 Subject: [PATCH 14/30] C++: Forward to a cached predicate in a cached module instead of caching the predicate in 'Instruction.qll' to include it in the cached stage of the other predicates. --- .../code/cpp/ir/implementation/aliased_ssa/Instruction.qll | 3 +-- .../implementation/aliased_ssa/internal/SSAConstruction.qll | 5 +++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll index 189ffce2903e..53a225c2e89f 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll @@ -247,8 +247,7 @@ class Instruction extends Construction::TStageInstruction { * Gets the type of the result produced by this instruction. If the instruction does not produce * a result, its result type will be `IRVoidType`. */ - cached - final IRType getResultIRType() { result = this.getResultLanguageType().getIRType() } + final IRType getResultIRType() { result = Construction::getInstructionResultIRType(this) } /** * Gets the type of the result produced by this instruction. If the diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll index 209c42726b7d..d2e68c733041 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll @@ -429,6 +429,11 @@ private module Cached { instr = unreachedInstruction(_) and result = Language::getVoidType() } + cached + IRType getInstructionResultIRType(Instruction instr) { + result = instr.getResultLanguageType().getIRType() + } + /** * Holds if `opcode` is the opcode that specifies the operation performed by `instr`. * From dcc4ad2550108d28d04c6abf5ecd50d40ceae66e Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 26 Apr 2024 13:45:15 +0100 Subject: [PATCH 15/30] C++: Sync identical files. --- .../semmle/code/cpp/ir/implementation/raw/Instruction.qll | 3 +-- .../code/cpp/ir/implementation/unaliased_ssa/Instruction.qll | 3 +-- .../unaliased_ssa/internal/SSAConstruction.qll | 5 +++++ 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll index 189ffce2903e..53a225c2e89f 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll @@ -247,8 +247,7 @@ class Instruction extends Construction::TStageInstruction { * Gets the type of the result produced by this instruction. If the instruction does not produce * a result, its result type will be `IRVoidType`. */ - cached - final IRType getResultIRType() { result = this.getResultLanguageType().getIRType() } + final IRType getResultIRType() { result = Construction::getInstructionResultIRType(this) } /** * Gets the type of the result produced by this instruction. If the diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll index 189ffce2903e..53a225c2e89f 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll @@ -247,8 +247,7 @@ class Instruction extends Construction::TStageInstruction { * Gets the type of the result produced by this instruction. If the instruction does not produce * a result, its result type will be `IRVoidType`. */ - cached - final IRType getResultIRType() { result = this.getResultLanguageType().getIRType() } + final IRType getResultIRType() { result = Construction::getInstructionResultIRType(this) } /** * Gets the type of the result produced by this instruction. If the diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll index 209c42726b7d..d2e68c733041 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll @@ -429,6 +429,11 @@ private module Cached { instr = unreachedInstruction(_) and result = Language::getVoidType() } + cached + IRType getInstructionResultIRType(Instruction instr) { + result = instr.getResultLanguageType().getIRType() + } + /** * Holds if `opcode` is the opcode that specifies the operation performed by `instr`. * From 70e9c48a47e88fa140fdbbaeaaab669100dc6f26 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 26 Apr 2024 13:48:13 +0100 Subject: [PATCH 16/30] C++: Also implement the predicate in the raw stage. --- .../cpp/ir/implementation/raw/internal/IRConstruction.qll | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll index 96a01954d17f..7bea8178d141 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll @@ -377,6 +377,10 @@ CppType getInstructionResultType(TStageInstruction instr) { result = getVoidType() } +IRType getInstructionResultIRType(Instruction instr) { + result = instr.getResultLanguageType().getIRType() +} + predicate getInstructionOpcode(Opcode opcode, TStageInstruction instr) { getInstructionTranslatedElement(instr).hasInstruction(opcode, getInstructionTag(instr), _) or From 1d45e3a55874b9cd2c9895efbeb2a5e1a3270815 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Fri, 26 Apr 2024 14:59:31 +0200 Subject: [PATCH 17/30] C#: Store buildless extraction timing information and return in telemetry query --- .../Semmle.Extraction.CSharp.Standalone/Extractor.cs | 1 - .../Semmle.Extraction.CSharp/Extractor/Analyser.cs | 2 ++ .../Semmle.Extraction.CSharp/Extractor/Extractor.cs | 4 +--- .../Extractor/TracingAnalyser.cs | 3 --- csharp/ql/src/Telemetry/ExtractorInformation.ql | 11 ++++++++++- 5 files changed, 13 insertions(+), 8 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs b/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs index 63d4ff0e83a8..e578dd4aa31c 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs @@ -40,7 +40,6 @@ private static void AnalyseStandalone( output.Name, syntaxTrees, references, new CSharpCompilationOptions(OutputKind.ConsoleApplication, allowUnsafe: true) ), (compilation, options) => analyser.Initialize(output.FullName, extractionInput.CompilationInfos, compilation, options), - _ => { }, () => { foreach (var type in analyser.MissingNamespaces) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Analyser.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Analyser.cs index cda4610a217f..2f21716284f0 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Analyser.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Analyser.cs @@ -245,6 +245,8 @@ private void DoAnalyseCompilation() } } + public void LogPerformance(Entities.PerformanceMetrics p) => compilationEntity.PopulatePerformance(p); + #nullable restore warnings /// diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs index 22a55849a026..03369e7b6013 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs @@ -309,7 +309,6 @@ public static ExitCode Analyse(Stopwatch stopwatch, Analyser analyser, CommonOpt Func, IEnumerable> getSyntaxTreeTasks, Func, IEnumerable, CSharpCompilation> getCompilation, Action initializeAnalyser, - Action logPerformance, Action postProcess) { using var references = new BlockingCollection(); @@ -368,7 +367,7 @@ public static ExitCode Analyse(Stopwatch stopwatch, Analyser analyser, CommonOpt PeakWorkingSet = currentProcess.PeakWorkingSet64 }; - logPerformance(performance); + analyser.LogPerformance(performance); analyser.Logger.Log(Severity.Info, " Extraction took {0}", sw.Elapsed); postProcess(); @@ -422,7 +421,6 @@ private static ExitCode AnalyseTracing( ); }, (compilation, options) => analyser.EndInitialize(compilerArguments, options, compilation), - performance => analyser.LogPerformance(performance), () => { }); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/TracingAnalyser.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/TracingAnalyser.cs index 22db6710f36f..3b73c35f55a4 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/TracingAnalyser.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/TracingAnalyser.cs @@ -175,9 +175,6 @@ private IEnumerable FilteredDiagnostics Where(e => e.Severity >= DiagnosticSeverity.Error && !errorsToIgnore.Contains(e.Id)); } } - - public void LogPerformance(Entities.PerformanceMetrics p) => compilationEntity.PopulatePerformance(p); - #nullable restore warnings } } diff --git a/csharp/ql/src/Telemetry/ExtractorInformation.ql b/csharp/ql/src/Telemetry/ExtractorInformation.ql index 64f90e481706..f466e2c8e8ec 100644 --- a/csharp/ql/src/Telemetry/ExtractorInformation.ql +++ b/csharp/ql/src/Telemetry/ExtractorInformation.ql @@ -201,6 +201,14 @@ predicate analyzerAssemblies(string key, float value) { value = 1.0 } +predicate timingValues(string key, float value) { + exists(Compilation c | + key = "Total elapsed seconds" and value = c.getElapsedSeconds() + or + key = "Extractor elapsed seconds" and value = c.getExtractorElapsedSeconds() + ) +} + from string key, float value where ( @@ -230,7 +238,8 @@ where ExprStatsReport::numberOfOk(key, value) or ExprStatsReport::numberOfNotOk(key, value) or ExprStatsReport::percentageOfOk(key, value) or - analyzerAssemblies(key, value) + analyzerAssemblies(key, value) or + timingValues(key, value) ) and /* Infinity */ value != 1.0 / 0.0 and From 4b0a217420706083dcf7ddc16ea34d5b3ad02848 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 26 Apr 2024 15:22:39 +0100 Subject: [PATCH 18/30] C++: Don't emit destructor calls as part of 'TranslatedResultCopy' as this has already been done in some other 'TranslatedExpr'. --- .../cpp/ir/implementation/raw/internal/TranslatedExpr.qll | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll index 3f4039ebb346..a43595b08e08 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll @@ -538,6 +538,11 @@ class TranslatedResultCopy extends TranslatedExpr, TTranslatedResultCopy { final override predicate producesExprResult() { any() } private TranslatedCoreExpr getOperand() { result.getExpr() = expr } + + override predicate handlesDestructorsExplicitly() { + // The destructor calls will already have been generated by the translation of `expr`. + any() + } } class TranslatedCommaExpr extends TranslatedNonConstantExpr { From 67fb866efa8cc1f38bb8b0f0f5c1362cc19253b8 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 26 Apr 2024 16:38:39 +0200 Subject: [PATCH 19/30] C++: Update test results --- .../library-tests/ir/ir/PrintAST.expected | 44 ++-- .../library-tests/ir/ir/aliased_ir.expected | 206 +++++++++--------- .../test/library-tests/ir/ir/raw_ir.expected | 148 ++++++------- 3 files changed, 199 insertions(+), 199 deletions(-) diff --git a/cpp/ql/test/library-tests/ir/ir/PrintAST.expected b/cpp/ql/test/library-tests/ir/ir/PrintAST.expected index e0d2da046b2e..28c1398d90bc 100644 --- a/cpp/ql/test/library-tests/ir/ir/PrintAST.expected +++ b/cpp/ql/test/library-tests/ir/ir/PrintAST.expected @@ -19565,12 +19565,6 @@ ir.cpp: # 2216| Type = [PlainCharType] char # 2216| Value = [CharLiteral] 97 # 2216| ValueCategory = prvalue -# 2215| getImplicitDestructorCall(0): [DestructorCall] call to ~ClassWithDestructor -# 2215| Type = [VoidType] void -# 2215| ValueCategory = prvalue -# 2215| getQualifier(): [VariableAccess] y -# 2215| Type = [Class] ClassWithDestructor -# 2215| ValueCategory = lvalue # 2215| getImplicitDestructorCall(0): [DestructorCall] call to ~vector # 2215| Type = [VoidType] void # 2215| ValueCategory = prvalue @@ -19580,6 +19574,12 @@ ir.cpp: # 2215| getUpdate().getFullyConverted(): [ReferenceDereferenceExpr] (reference dereference) # 2215| Type = [ClassTemplateInstantiation,Struct] iterator # 2215| ValueCategory = lvalue +# 2215| getImplicitDestructorCall(0): [DestructorCall] call to ~ClassWithDestructor +# 2215| Type = [VoidType] void +# 2215| ValueCategory = prvalue +# 2215| getQualifier(): [VariableAccess] y +# 2215| Type = [Class] ClassWithDestructor +# 2215| ValueCategory = lvalue # 2218| getStmt(6): [RangeBasedForStmt] for(...:...) ... # 2218| getInitialization(): [DeclStmt] declaration # 2218| getDeclarationEntry(0): [VariableDeclarationEntry] definition of ys @@ -19746,12 +19746,6 @@ ir.cpp: # 2233| getQualifier(): [VariableAccess] x # 2233| Type = [Class] ClassWithDestructor # 2233| ValueCategory = lvalue -# 2218| getImplicitDestructorCall(0): [DestructorCall] call to ~ClassWithDestructor -# 2218| Type = [VoidType] void -# 2218| ValueCategory = prvalue -# 2218| getQualifier(): [VariableAccess] y -# 2218| Type = [Class] ClassWithDestructor -# 2218| ValueCategory = lvalue # 2218| getImplicitDestructorCall(0): [DestructorCall] call to ~vector # 2218| Type = [VoidType] void # 2218| ValueCategory = prvalue @@ -19761,6 +19755,12 @@ ir.cpp: # 2218| getUpdate().getFullyConverted(): [ReferenceDereferenceExpr] (reference dereference) # 2218| Type = [ClassTemplateInstantiation,Struct] iterator # 2218| ValueCategory = lvalue +# 2218| getImplicitDestructorCall(0): [DestructorCall] call to ~ClassWithDestructor +# 2218| Type = [VoidType] void +# 2218| ValueCategory = prvalue +# 2218| getQualifier(): [VariableAccess] y +# 2218| Type = [Class] ClassWithDestructor +# 2218| ValueCategory = lvalue # 2224| getStmt(7): [RangeBasedForStmt] for(...:...) ... # 2224| getInitialization(): [DeclStmt] declaration # 2224| getDeclarationEntry(0): [VariableDeclarationEntry] definition of ys @@ -20038,12 +20038,6 @@ ir.cpp: # 2232| getQualifier(): [VariableAccess] z1 # 2232| Type = [Class] ClassWithDestructor # 2232| ValueCategory = lvalue -# 2229| getImplicitDestructorCall(2): [DestructorCall] call to ~ClassWithDestructor -# 2229| Type = [VoidType] void -# 2229| ValueCategory = prvalue -# 2229| getQualifier(): [VariableAccess] y -# 2229| Type = [Class] ClassWithDestructor -# 2229| ValueCategory = lvalue # 2229| getImplicitDestructorCall(0): [DestructorCall] call to ~vector # 2229| Type = [VoidType] void # 2229| ValueCategory = prvalue @@ -20053,6 +20047,12 @@ ir.cpp: # 2229| getUpdate().getFullyConverted(): [ReferenceDereferenceExpr] (reference dereference) # 2229| Type = [ClassTemplateInstantiation,Struct] iterator # 2229| ValueCategory = lvalue +# 2229| getImplicitDestructorCall(0): [DestructorCall] call to ~ClassWithDestructor +# 2229| Type = [VoidType] void +# 2229| ValueCategory = prvalue +# 2229| getQualifier(): [VariableAccess] y +# 2229| Type = [Class] ClassWithDestructor +# 2229| ValueCategory = lvalue # 2233| getStmt(9): [ReturnStmt] return ... # 2233| getImplicitDestructorCall(0): [DestructorCall] call to ~ClassWithDestructor # 2233| Type = [VoidType] void @@ -20662,15 +20662,15 @@ ir.cpp: # 2309| getQualifier(): [VariableAccess] s2 # 2309| Type = [Struct] String # 2309| ValueCategory = lvalue -# 2307| getImplicitDestructorCall(1): [DestructorCall] call to ~String +# 2307| getUpdate().getFullyConverted(): [ReferenceDereferenceExpr] (reference dereference) +# 2307| Type = [ClassTemplateInstantiation,Struct] iterator +# 2307| ValueCategory = lvalue +# 2307| getImplicitDestructorCall(0): [DestructorCall] call to ~String # 2307| Type = [VoidType] void # 2307| ValueCategory = prvalue # 2307| getQualifier(): [VariableAccess] s # 2307| Type = [Struct] String # 2307| ValueCategory = lvalue -# 2307| getUpdate().getFullyConverted(): [ReferenceDereferenceExpr] (reference dereference) -# 2307| Type = [ClassTemplateInstantiation,Struct] iterator -# 2307| ValueCategory = lvalue # 2311| getStmt(3): [ForStmt] for(...;...;...) ... # 2311| getInitialization(): [DeclStmt] declaration # 2311| getDeclarationEntry(0): [VariableDeclarationEntry] definition of s diff --git a/cpp/ql/test/library-tests/ir/ir/aliased_ir.expected b/cpp/ql/test/library-tests/ir/ir/aliased_ir.expected index 3d3a56e790e9..68e5d36d2062 100644 --- a/cpp/ql/test/library-tests/ir/ir/aliased_ir.expected +++ b/cpp/ql/test/library-tests/ir/ir/aliased_ir.expected @@ -15372,7 +15372,7 @@ ir.cpp: #-----| True -> Block 2 # 2198| Block 1 -# 2198| m2198_9(unknown) = Phi : from 13:~m2233_5, from 19:~m2233_13, from 23:~m2233_22 +# 2198| m2198_9(unknown) = Phi : from 14:~m2233_5, from 19:~m2233_13, from 23:~m2233_22 # 2198| v2198_10(void) = ReturnVoid : # 2198| v2198_11(void) = AliasedUse : ~m2198_9 # 2198| v2198_12(void) = ExitFunction : @@ -15524,8 +15524,8 @@ ir.cpp: #-----| Goto -> Block 8 # 2215| Block 8 -# 2215| m2215_40(iterator) = Phi : from 7:m2215_32, from 9:m2215_72 -# 2215| m2215_41(unknown) = Phi : from 7:~m2215_39, from 9:~m2215_63 +# 2215| m2215_40(iterator) = Phi : from 7:m2215_32, from 9:m2215_64 +# 2215| m2215_41(unknown) = Phi : from 7:~m2215_39, from 9:~m2215_69 # 2215| r2215_42(glval>) = VariableAddress[(__begin)] : #-----| r0_7(glval>) = Convert : r2215_42 # 2215| r2215_43(glval) = FunctionAddress[operator!=] : @@ -15567,21 +15567,21 @@ ir.cpp: # 2216| v2216_7(void) = ^IndirectReadSideEffect[-1] : &:r2216_1, m2215_58 # 2216| m2216_8(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2216_1 # 2216| m2216_9(ClassWithDestructor) = Chi : total:m2215_58, partial:m2216_8 -# 2215| r2215_59(glval) = VariableAddress[y] : -# 2215| r2215_60(glval) = FunctionAddress[~ClassWithDestructor] : -# 2215| v2215_61(void) = Call[~ClassWithDestructor] : func:r2215_60, this:r2215_59 -# 2215| m2215_62(unknown) = ^CallSideEffect : ~m2216_6 -# 2215| m2215_63(unknown) = Chi : total:m2216_6, partial:m2215_62 -# 2215| v2215_64(void) = ^IndirectReadSideEffect[-1] : &:r2215_59, m2216_9 -# 2215| m2215_65(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2215_59 -# 2215| m2215_66(ClassWithDestructor) = Chi : total:m2216_9, partial:m2215_65 -# 2215| r2215_67(glval>) = VariableAddress[(__begin)] : -# 2215| r2215_68(glval) = FunctionAddress[operator++] : -# 2215| r2215_69(iterator &) = Call[operator++] : func:r2215_68, this:r2215_67 -# 2215| v2215_70(void) = ^IndirectReadSideEffect[-1] : &:r2215_67, m2215_40 -# 2215| m2215_71(iterator) = ^IndirectMayWriteSideEffect[-1] : &:r2215_67 -# 2215| m2215_72(iterator) = Chi : total:m2215_40, partial:m2215_71 -# 2215| r2215_73(glval>) = CopyValue : r2215_69 +# 2215| r2215_59(glval>) = VariableAddress[(__begin)] : +# 2215| r2215_60(glval) = FunctionAddress[operator++] : +# 2215| r2215_61(iterator &) = Call[operator++] : func:r2215_60, this:r2215_59 +# 2215| v2215_62(void) = ^IndirectReadSideEffect[-1] : &:r2215_59, m2215_40 +# 2215| m2215_63(iterator) = ^IndirectMayWriteSideEffect[-1] : &:r2215_59 +# 2215| m2215_64(iterator) = Chi : total:m2215_40, partial:m2215_63 +# 2215| r2215_65(glval) = VariableAddress[y] : +# 2215| r2215_66(glval) = FunctionAddress[~ClassWithDestructor] : +# 2215| v2215_67(void) = Call[~ClassWithDestructor] : func:r2215_66, this:r2215_65 +# 2215| m2215_68(unknown) = ^CallSideEffect : ~m2216_6 +# 2215| m2215_69(unknown) = Chi : total:m2216_6, partial:m2215_68 +# 2215| v2215_70(void) = ^IndirectReadSideEffect[-1] : &:r2215_65, m2216_9 +# 2215| m2215_71(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2215_65 +# 2215| m2215_72(ClassWithDestructor) = Chi : total:m2216_9, partial:m2215_71 +# 2215| r2215_73(glval>) = CopyValue : r2215_61 #-----| Goto (back edge) -> Block 8 # 2218| Block 10 @@ -15633,8 +15633,8 @@ ir.cpp: #-----| Goto -> Block 11 # 2218| Block 11 -# 2218| m2218_40(iterator) = Phi : from 10:m2218_32, from 14:m2218_88 -# 2218| m2218_41(unknown) = Phi : from 10:~m2218_39, from 14:~m2218_79 +# 2218| m2218_40(iterator) = Phi : from 10:m2218_32, from 12:m2218_58 +# 2218| m2218_41(unknown) = Phi : from 10:~m2218_39, from 12:~m2218_63 # 2218| r2218_42(glval>) = VariableAddress[(__begin)] : #-----| r0_24(glval>) = Convert : r2218_42 # 2218| r2218_43(glval) = FunctionAddress[operator!=] : @@ -15656,26 +15656,44 @@ ir.cpp: #-----| v0_32(void) = ^IndirectReadSideEffect[-1] : &:r0_24, m2218_40 # 2218| v2218_52(void) = ConditionalBranch : r2218_51 #-----| False -> Block 15 -#-----| True -> Block 12 +#-----| True -> Block 13 # 2218| Block 12 -# 2218| r2218_53(glval) = VariableAddress[y] : -# 2218| r2218_54(glval>) = VariableAddress[(__begin)] : -#-----| r0_33(glval>) = Convert : r2218_54 -# 2218| r2218_55(glval) = FunctionAddress[operator*] : -# 2218| r2218_56(ClassWithDestructor &) = Call[operator*] : func:r2218_55, this:r0_33 +# 2218| r2218_53(glval>) = VariableAddress[(__begin)] : +# 2218| r2218_54(glval) = FunctionAddress[operator++] : +# 2218| r2218_55(iterator &) = Call[operator++] : func:r2218_54, this:r2218_53 +# 2218| v2218_56(void) = ^IndirectReadSideEffect[-1] : &:r2218_53, m2218_40 +# 2218| m2218_57(iterator) = ^IndirectMayWriteSideEffect[-1] : &:r2218_53 +# 2218| m2218_58(iterator) = Chi : total:m2218_40, partial:m2218_57 +# 2218| r2218_59(glval) = VariableAddress[y] : +# 2218| r2218_60(glval) = FunctionAddress[~ClassWithDestructor] : +# 2218| v2218_61(void) = Call[~ClassWithDestructor] : func:r2218_60, this:r2218_59 +# 2218| m2218_62(unknown) = ^CallSideEffect : ~m2220_5 +# 2218| m2218_63(unknown) = Chi : total:m2220_5, partial:m2218_62 +# 2218| v2218_64(void) = ^IndirectReadSideEffect[-1] : &:r2218_59, m2220_8 +# 2218| m2218_65(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2218_59 +# 2218| m2218_66(ClassWithDestructor) = Chi : total:m2220_8, partial:m2218_65 +# 2218| r2218_67(glval>) = CopyValue : r2218_55 +#-----| Goto (back edge) -> Block 11 + +# 2218| Block 13 +# 2218| r2218_68(glval) = VariableAddress[y] : +# 2218| r2218_69(glval>) = VariableAddress[(__begin)] : +#-----| r0_33(glval>) = Convert : r2218_69 +# 2218| r2218_70(glval) = FunctionAddress[operator*] : +# 2218| r2218_71(ClassWithDestructor &) = Call[operator*] : func:r2218_70, this:r0_33 #-----| v0_34(void) = ^IndirectReadSideEffect[-1] : &:r0_33, m2218_40 -# 2218| r2218_57(ClassWithDestructor) = Load[?] : &:r2218_56, ~m2218_50 -# 2218| m2218_58(ClassWithDestructor) = Store[y] : &:r2218_53, r2218_57 +# 2218| r2218_72(ClassWithDestructor) = Load[?] : &:r2218_71, ~m2218_50 +# 2218| m2218_73(ClassWithDestructor) = Store[y] : &:r2218_68, r2218_72 # 2219| r2219_1(glval) = VariableAddress[y] : # 2219| r2219_2(glval) = FunctionAddress[set_x] : # 2219| r2219_3(char) = Constant[97] : # 2219| v2219_4(void) = Call[set_x] : func:r2219_2, this:r2219_1, 0:r2219_3 # 2219| m2219_5(unknown) = ^CallSideEffect : ~m2218_50 # 2219| m2219_6(unknown) = Chi : total:m2218_50, partial:m2219_5 -# 2219| v2219_7(void) = ^IndirectReadSideEffect[-1] : &:r2219_1, m2218_58 +# 2219| v2219_7(void) = ^IndirectReadSideEffect[-1] : &:r2219_1, m2218_73 # 2219| m2219_8(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2219_1 -# 2219| m2219_9(ClassWithDestructor) = Chi : total:m2218_58, partial:m2219_8 +# 2219| m2219_9(ClassWithDestructor) = Chi : total:m2218_73, partial:m2219_8 # 2220| r2220_1(glval) = VariableAddress[y] : # 2220| r2220_2(glval) = FunctionAddress[get_x] : # 2220| r2220_3(char) = Call[get_x] : func:r2220_2, this:r2220_1 @@ -15688,55 +15706,37 @@ ir.cpp: # 2220| r2220_10(int) = Constant[98] : # 2220| r2220_11(bool) = CompareEQ : r2220_9, r2220_10 # 2220| v2220_12(void) = ConditionalBranch : r2220_11 -#-----| False -> Block 14 -#-----| True -> Block 13 +#-----| False -> Block 12 +#-----| True -> Block 14 -# 2221| Block 13 +# 2221| Block 14 # 2221| v2221_1(void) = NoOp : -# 2218| r2218_59(glval) = VariableAddress[y] : -# 2218| r2218_60(glval) = FunctionAddress[~ClassWithDestructor] : -# 2218| v2218_61(void) = Call[~ClassWithDestructor] : func:r2218_60, this:r2218_59 -# 2218| m2218_62(unknown) = ^CallSideEffect : ~m2220_5 -# 2218| m2218_63(unknown) = Chi : total:m2220_5, partial:m2218_62 -# 2218| v2218_64(void) = ^IndirectReadSideEffect[-1] : &:r2218_59, m2220_8 -# 2218| m2218_65(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2218_59 -# 2218| m2218_66(ClassWithDestructor) = Chi : total:m2220_8, partial:m2218_65 -# 2218| r2218_67(glval>) = VariableAddress[ys] : -# 2218| r2218_68(glval) = FunctionAddress[~vector] : -# 2218| v2218_69(void) = Call[~vector] : func:r2218_68, this:r2218_67 -# 2218| m2218_70(unknown) = ^CallSideEffect : ~m2218_63 -# 2218| m2218_71(unknown) = Chi : total:m2218_63, partial:m2218_70 -# 2218| v2218_72(void) = ^IndirectReadSideEffect[-1] : &:r2218_67, ~m2218_71 -# 2218| m2218_73(vector) = ^IndirectMayWriteSideEffect[-1] : &:r2218_67 -# 2218| m2218_74(unknown) = Chi : total:m2218_71, partial:m2218_73 +# 2218| r2218_74(glval) = VariableAddress[y] : +# 2218| r2218_75(glval) = FunctionAddress[~ClassWithDestructor] : +# 2218| v2218_76(void) = Call[~ClassWithDestructor] : func:r2218_75, this:r2218_74 +# 2218| m2218_77(unknown) = ^CallSideEffect : ~m2220_5 +# 2218| m2218_78(unknown) = Chi : total:m2220_5, partial:m2218_77 +# 2218| v2218_79(void) = ^IndirectReadSideEffect[-1] : &:r2218_74, m2220_8 +# 2218| m2218_80(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2218_74 +# 2218| m2218_81(ClassWithDestructor) = Chi : total:m2220_8, partial:m2218_80 +# 2218| r2218_82(glval>) = VariableAddress[ys] : +# 2218| r2218_83(glval) = FunctionAddress[~vector] : +# 2218| v2218_84(void) = Call[~vector] : func:r2218_83, this:r2218_82 +# 2218| m2218_85(unknown) = ^CallSideEffect : ~m2218_78 +# 2218| m2218_86(unknown) = Chi : total:m2218_78, partial:m2218_85 +# 2218| v2218_87(void) = ^IndirectReadSideEffect[-1] : &:r2218_82, ~m2218_86 +# 2218| m2218_88(vector) = ^IndirectMayWriteSideEffect[-1] : &:r2218_82 +# 2218| m2218_89(unknown) = Chi : total:m2218_86, partial:m2218_88 # 2233| r2233_1(glval) = VariableAddress[x] : # 2233| r2233_2(glval) = FunctionAddress[~ClassWithDestructor] : # 2233| v2233_3(void) = Call[~ClassWithDestructor] : func:r2233_2, this:r2233_1 -# 2233| m2233_4(unknown) = ^CallSideEffect : ~m2218_74 -# 2233| m2233_5(unknown) = Chi : total:m2218_74, partial:m2233_4 +# 2233| m2233_4(unknown) = ^CallSideEffect : ~m2218_89 +# 2233| m2233_5(unknown) = Chi : total:m2218_89, partial:m2233_4 # 2233| v2233_6(void) = ^IndirectReadSideEffect[-1] : &:r2233_1, m2214_8 # 2233| m2233_7(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2233_1 # 2233| m2233_8(ClassWithDestructor) = Chi : total:m2214_8, partial:m2233_7 #-----| Goto -> Block 1 -# 2218| Block 14 -# 2218| r2218_75(glval) = VariableAddress[y] : -# 2218| r2218_76(glval) = FunctionAddress[~ClassWithDestructor] : -# 2218| v2218_77(void) = Call[~ClassWithDestructor] : func:r2218_76, this:r2218_75 -# 2218| m2218_78(unknown) = ^CallSideEffect : ~m2220_5 -# 2218| m2218_79(unknown) = Chi : total:m2220_5, partial:m2218_78 -# 2218| v2218_80(void) = ^IndirectReadSideEffect[-1] : &:r2218_75, m2220_8 -# 2218| m2218_81(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2218_75 -# 2218| m2218_82(ClassWithDestructor) = Chi : total:m2220_8, partial:m2218_81 -# 2218| r2218_83(glval>) = VariableAddress[(__begin)] : -# 2218| r2218_84(glval) = FunctionAddress[operator++] : -# 2218| r2218_85(iterator &) = Call[operator++] : func:r2218_84, this:r2218_83 -# 2218| v2218_86(void) = ^IndirectReadSideEffect[-1] : &:r2218_83, m2218_40 -# 2218| m2218_87(iterator) = ^IndirectMayWriteSideEffect[-1] : &:r2218_83 -# 2218| m2218_88(iterator) = Chi : total:m2218_40, partial:m2218_87 -# 2218| r2218_89(glval>) = CopyValue : r2218_85 -#-----| Goto (back edge) -> Block 11 - # 2224| Block 15 # 2224| r2224_1(glval>) = VariableAddress[ys] : # 2224| m2224_2(vector) = Uninitialized[ys] : &:r2224_1 @@ -15895,8 +15895,8 @@ ir.cpp: #-----| Goto -> Block 21 # 2229| Block 21 -# 2229| m2229_40(iterator) = Phi : from 20:m2229_32, from 22:m2229_72 -# 2229| m2229_41(unknown) = Phi : from 20:~m2229_39, from 22:~m2229_63 +# 2229| m2229_40(iterator) = Phi : from 20:m2229_32, from 22:m2229_64 +# 2229| m2229_41(unknown) = Phi : from 20:~m2229_39, from 22:~m2229_69 # 2229| r2229_42(glval>) = VariableAddress[(__begin)] : #-----| r0_58(glval>) = Convert : r2229_42 # 2229| r2229_43(glval) = FunctionAddress[operator!=] : @@ -15961,21 +15961,21 @@ ir.cpp: # 2232| v2232_14(void) = ^IndirectReadSideEffect[-1] : &:r2232_9, m2230_8 # 2232| m2232_15(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2232_9 # 2232| m2232_16(ClassWithDestructor) = Chi : total:m2230_8, partial:m2232_15 -# 2229| r2229_59(glval) = VariableAddress[y] : -# 2229| r2229_60(glval) = FunctionAddress[~ClassWithDestructor] : -# 2229| v2229_61(void) = Call[~ClassWithDestructor] : func:r2229_60, this:r2229_59 -# 2229| m2229_62(unknown) = ^CallSideEffect : ~m2232_13 -# 2229| m2229_63(unknown) = Chi : total:m2232_13, partial:m2229_62 -# 2229| v2229_64(void) = ^IndirectReadSideEffect[-1] : &:r2229_59, m2229_58 -# 2229| m2229_65(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2229_59 -# 2229| m2229_66(ClassWithDestructor) = Chi : total:m2229_58, partial:m2229_65 -# 2229| r2229_67(glval>) = VariableAddress[(__begin)] : -# 2229| r2229_68(glval) = FunctionAddress[operator++] : -# 2229| r2229_69(iterator &) = Call[operator++] : func:r2229_68, this:r2229_67 -# 2229| v2229_70(void) = ^IndirectReadSideEffect[-1] : &:r2229_67, m2229_40 -# 2229| m2229_71(iterator) = ^IndirectMayWriteSideEffect[-1] : &:r2229_67 -# 2229| m2229_72(iterator) = Chi : total:m2229_40, partial:m2229_71 -# 2229| r2229_73(glval>) = CopyValue : r2229_69 +# 2229| r2229_59(glval>) = VariableAddress[(__begin)] : +# 2229| r2229_60(glval) = FunctionAddress[operator++] : +# 2229| r2229_61(iterator &) = Call[operator++] : func:r2229_60, this:r2229_59 +# 2229| v2229_62(void) = ^IndirectReadSideEffect[-1] : &:r2229_59, m2229_40 +# 2229| m2229_63(iterator) = ^IndirectMayWriteSideEffect[-1] : &:r2229_59 +# 2229| m2229_64(iterator) = Chi : total:m2229_40, partial:m2229_63 +# 2229| r2229_65(glval) = VariableAddress[y] : +# 2229| r2229_66(glval) = FunctionAddress[~ClassWithDestructor] : +# 2229| v2229_67(void) = Call[~ClassWithDestructor] : func:r2229_66, this:r2229_65 +# 2229| m2229_68(unknown) = ^CallSideEffect : ~m2232_13 +# 2229| m2229_69(unknown) = Chi : total:m2232_13, partial:m2229_68 +# 2229| v2229_70(void) = ^IndirectReadSideEffect[-1] : &:r2229_65, m2229_58 +# 2229| m2229_71(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2229_65 +# 2229| m2229_72(ClassWithDestructor) = Chi : total:m2229_58, partial:m2229_71 +# 2229| r2229_73(glval>) = CopyValue : r2229_61 #-----| Goto (back edge) -> Block 21 # 2233| Block 23 @@ -16684,8 +16684,8 @@ ir.cpp: #-----| Goto -> Block 4 # 2307| Block 4 -# 2307| m2307_47(iterator) = Phi : from 3:m2307_39, from 5:m2307_89 -# 2307| m2307_48(unknown) = Phi : from 3:~m2307_46, from 5:~m2307_83 +# 2307| m2307_47(iterator) = Phi : from 3:m2307_39, from 5:m2307_81 +# 2307| m2307_48(unknown) = Phi : from 3:~m2307_46, from 5:~m2307_89 # 2307| r2307_49(glval>) = VariableAddress[(__begin)] : #-----| r0_7(glval>) = Convert : r2307_49 # 2307| r2307_50(glval) = FunctionAddress[operator!=] : @@ -16745,21 +16745,21 @@ ir.cpp: # 2309| v2309_6(void) = ^IndirectReadSideEffect[-1] : &:r2309_1, ~m2309_5 # 2309| m2309_7(String) = ^IndirectMayWriteSideEffect[-1] : &:r2309_1 # 2309| m2309_8(unknown) = Chi : total:m2309_5, partial:m2309_7 -# 2307| r2307_76(glval) = VariableAddress[s] : -# 2307| r2307_77(glval) = FunctionAddress[~String] : -# 2307| v2307_78(void) = Call[~String] : func:r2307_77, this:r2307_76 -# 2307| m2307_79(unknown) = ^CallSideEffect : ~m2309_8 -# 2307| m2307_80(unknown) = Chi : total:m2309_8, partial:m2307_79 -# 2307| v2307_81(void) = ^IndirectReadSideEffect[-1] : &:r2307_76, ~m2307_80 -# 2307| m2307_82(String) = ^IndirectMayWriteSideEffect[-1] : &:r2307_76 -# 2307| m2307_83(unknown) = Chi : total:m2307_80, partial:m2307_82 -# 2307| r2307_84(glval>) = VariableAddress[(__begin)] : -# 2307| r2307_85(glval) = FunctionAddress[operator++] : -# 2307| r2307_86(iterator &) = Call[operator++] : func:r2307_85, this:r2307_84 -# 2307| v2307_87(void) = ^IndirectReadSideEffect[-1] : &:r2307_84, m2307_47 -# 2307| m2307_88(iterator) = ^IndirectMayWriteSideEffect[-1] : &:r2307_84 -# 2307| m2307_89(iterator) = Chi : total:m2307_47, partial:m2307_88 -# 2307| r2307_90(glval>) = CopyValue : r2307_86 +# 2307| r2307_76(glval>) = VariableAddress[(__begin)] : +# 2307| r2307_77(glval) = FunctionAddress[operator++] : +# 2307| r2307_78(iterator &) = Call[operator++] : func:r2307_77, this:r2307_76 +# 2307| v2307_79(void) = ^IndirectReadSideEffect[-1] : &:r2307_76, m2307_47 +# 2307| m2307_80(iterator) = ^IndirectMayWriteSideEffect[-1] : &:r2307_76 +# 2307| m2307_81(iterator) = Chi : total:m2307_47, partial:m2307_80 +# 2307| r2307_82(glval) = VariableAddress[s] : +# 2307| r2307_83(glval) = FunctionAddress[~String] : +# 2307| v2307_84(void) = Call[~String] : func:r2307_83, this:r2307_82 +# 2307| m2307_85(unknown) = ^CallSideEffect : ~m2309_8 +# 2307| m2307_86(unknown) = Chi : total:m2309_8, partial:m2307_85 +# 2307| v2307_87(void) = ^IndirectReadSideEffect[-1] : &:r2307_82, ~m2307_86 +# 2307| m2307_88(String) = ^IndirectMayWriteSideEffect[-1] : &:r2307_82 +# 2307| m2307_89(unknown) = Chi : total:m2307_86, partial:m2307_88 +# 2307| r2307_90(glval>) = CopyValue : r2307_78 #-----| Goto (back edge) -> Block 4 # 2311| Block 6 diff --git a/cpp/ql/test/library-tests/ir/ir/raw_ir.expected b/cpp/ql/test/library-tests/ir/ir/raw_ir.expected index 6ff42a28cb35..aadcd33f5104 100644 --- a/cpp/ql/test/library-tests/ir/ir/raw_ir.expected +++ b/cpp/ql/test/library-tests/ir/ir/raw_ir.expected @@ -14325,18 +14325,18 @@ ir.cpp: # 2216| mu2216_5(unknown) = ^CallSideEffect : ~m? # 2216| v2216_6(void) = ^IndirectReadSideEffect[-1] : &:r2216_1, ~m? # 2216| mu2216_7(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2216_1 -# 2215| r2215_49(glval) = VariableAddress[y] : -# 2215| r2215_50(glval) = FunctionAddress[~ClassWithDestructor] : -# 2215| v2215_51(void) = Call[~ClassWithDestructor] : func:r2215_50, this:r2215_49 -# 2215| mu2215_52(unknown) = ^CallSideEffect : ~m? -# 2215| v2215_53(void) = ^IndirectReadSideEffect[-1] : &:r2215_49, ~m? -# 2215| mu2215_54(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2215_49 -# 2215| r2215_55(glval>) = VariableAddress[(__begin)] : -# 2215| r2215_56(glval) = FunctionAddress[operator++] : -# 2215| r2215_57(iterator &) = Call[operator++] : func:r2215_56, this:r2215_55 -# 2215| v2215_58(void) = ^IndirectReadSideEffect[-1] : &:r2215_55, ~m? -# 2215| mu2215_59(iterator) = ^IndirectMayWriteSideEffect[-1] : &:r2215_55 -# 2215| r2215_60(glval>) = CopyValue : r2215_57 +# 2215| r2215_49(glval>) = VariableAddress[(__begin)] : +# 2215| r2215_50(glval) = FunctionAddress[operator++] : +# 2215| r2215_51(iterator &) = Call[operator++] : func:r2215_50, this:r2215_49 +# 2215| v2215_52(void) = ^IndirectReadSideEffect[-1] : &:r2215_49, ~m? +# 2215| mu2215_53(iterator) = ^IndirectMayWriteSideEffect[-1] : &:r2215_49 +# 2215| r2215_54(glval) = VariableAddress[y] : +# 2215| r2215_55(glval) = FunctionAddress[~ClassWithDestructor] : +# 2215| v2215_56(void) = Call[~ClassWithDestructor] : func:r2215_55, this:r2215_54 +# 2215| mu2215_57(unknown) = ^CallSideEffect : ~m? +# 2215| v2215_58(void) = ^IndirectReadSideEffect[-1] : &:r2215_54, ~m? +# 2215| mu2215_59(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2215_54 +# 2215| r2215_60(glval>) = CopyValue : r2215_51 #-----| Goto (back edge) -> Block 11 # 2215| Block 13 @@ -14409,17 +14409,32 @@ ir.cpp: #-----| v0_30(void) = ^IndirectReadSideEffect[-1] : &:r0_23, ~m? # 2218| v2218_42(void) = ConditionalBranch : r2218_41 #-----| False -> Block 20 -#-----| True -> Block 16 +#-----| True -> Block 17 # 2218| Block 16 -# 2218| r2218_43(glval) = VariableAddress[y] : -# 2218| r2218_44(glval>) = VariableAddress[(__begin)] : -#-----| r0_31(glval>) = Convert : r2218_44 -# 2218| r2218_45(glval) = FunctionAddress[operator*] : -# 2218| r2218_46(ClassWithDestructor &) = Call[operator*] : func:r2218_45, this:r0_31 +# 2218| r2218_43(glval>) = VariableAddress[(__begin)] : +# 2218| r2218_44(glval) = FunctionAddress[operator++] : +# 2218| r2218_45(iterator &) = Call[operator++] : func:r2218_44, this:r2218_43 +# 2218| v2218_46(void) = ^IndirectReadSideEffect[-1] : &:r2218_43, ~m? +# 2218| mu2218_47(iterator) = ^IndirectMayWriteSideEffect[-1] : &:r2218_43 +# 2218| r2218_48(glval) = VariableAddress[y] : +# 2218| r2218_49(glval) = FunctionAddress[~ClassWithDestructor] : +# 2218| v2218_50(void) = Call[~ClassWithDestructor] : func:r2218_49, this:r2218_48 +# 2218| mu2218_51(unknown) = ^CallSideEffect : ~m? +# 2218| v2218_52(void) = ^IndirectReadSideEffect[-1] : &:r2218_48, ~m? +# 2218| mu2218_53(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2218_48 +# 2218| r2218_54(glval>) = CopyValue : r2218_45 +#-----| Goto (back edge) -> Block 15 + +# 2218| Block 17 +# 2218| r2218_55(glval) = VariableAddress[y] : +# 2218| r2218_56(glval>) = VariableAddress[(__begin)] : +#-----| r0_31(glval>) = Convert : r2218_56 +# 2218| r2218_57(glval) = FunctionAddress[operator*] : +# 2218| r2218_58(ClassWithDestructor &) = Call[operator*] : func:r2218_57, this:r0_31 #-----| v0_32(void) = ^IndirectReadSideEffect[-1] : &:r0_31, ~m? -# 2218| r2218_47(ClassWithDestructor) = Load[?] : &:r2218_46, ~m? -# 2218| mu2218_48(ClassWithDestructor) = Store[y] : &:r2218_43, r2218_47 +# 2218| r2218_59(ClassWithDestructor) = Load[?] : &:r2218_58, ~m? +# 2218| mu2218_60(ClassWithDestructor) = Store[y] : &:r2218_55, r2218_59 # 2219| r2219_1(glval) = VariableAddress[y] : # 2219| r2219_2(glval) = FunctionAddress[set_x] : # 2219| r2219_3(char) = Constant[97] : @@ -14437,23 +14452,23 @@ ir.cpp: # 2220| r2220_8(int) = Constant[98] : # 2220| r2220_9(bool) = CompareEQ : r2220_7, r2220_8 # 2220| v2220_10(void) = ConditionalBranch : r2220_9 -#-----| False -> Block 18 -#-----| True -> Block 17 +#-----| False -> Block 16 +#-----| True -> Block 18 -# 2221| Block 17 +# 2221| Block 18 # 2221| v2221_1(void) = NoOp : -# 2218| r2218_49(glval) = VariableAddress[y] : -# 2218| r2218_50(glval) = FunctionAddress[~ClassWithDestructor] : -# 2218| v2218_51(void) = Call[~ClassWithDestructor] : func:r2218_50, this:r2218_49 -# 2218| mu2218_52(unknown) = ^CallSideEffect : ~m? -# 2218| v2218_53(void) = ^IndirectReadSideEffect[-1] : &:r2218_49, ~m? -# 2218| mu2218_54(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2218_49 -# 2218| r2218_55(glval>) = VariableAddress[ys] : -# 2218| r2218_56(glval) = FunctionAddress[~vector] : -# 2218| v2218_57(void) = Call[~vector] : func:r2218_56, this:r2218_55 -# 2218| mu2218_58(unknown) = ^CallSideEffect : ~m? -# 2218| v2218_59(void) = ^IndirectReadSideEffect[-1] : &:r2218_55, ~m? -# 2218| mu2218_60(vector) = ^IndirectMayWriteSideEffect[-1] : &:r2218_55 +# 2218| r2218_61(glval) = VariableAddress[y] : +# 2218| r2218_62(glval) = FunctionAddress[~ClassWithDestructor] : +# 2218| v2218_63(void) = Call[~ClassWithDestructor] : func:r2218_62, this:r2218_61 +# 2218| mu2218_64(unknown) = ^CallSideEffect : ~m? +# 2218| v2218_65(void) = ^IndirectReadSideEffect[-1] : &:r2218_61, ~m? +# 2218| mu2218_66(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2218_61 +# 2218| r2218_67(glval>) = VariableAddress[ys] : +# 2218| r2218_68(glval) = FunctionAddress[~vector] : +# 2218| v2218_69(void) = Call[~vector] : func:r2218_68, this:r2218_67 +# 2218| mu2218_70(unknown) = ^CallSideEffect : ~m? +# 2218| v2218_71(void) = ^IndirectReadSideEffect[-1] : &:r2218_67, ~m? +# 2218| mu2218_72(vector) = ^IndirectMayWriteSideEffect[-1] : &:r2218_67 # 2233| r2233_1(glval) = VariableAddress[x] : # 2233| r2233_2(glval) = FunctionAddress[~ClassWithDestructor] : # 2233| v2233_3(void) = Call[~ClassWithDestructor] : func:r2233_2, this:r2233_1 @@ -14462,21 +14477,6 @@ ir.cpp: # 2233| mu2233_6(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2233_1 #-----| Goto -> Block 1 -# 2218| Block 18 -# 2218| r2218_61(glval) = VariableAddress[y] : -# 2218| r2218_62(glval) = FunctionAddress[~ClassWithDestructor] : -# 2218| v2218_63(void) = Call[~ClassWithDestructor] : func:r2218_62, this:r2218_61 -# 2218| mu2218_64(unknown) = ^CallSideEffect : ~m? -# 2218| v2218_65(void) = ^IndirectReadSideEffect[-1] : &:r2218_61, ~m? -# 2218| mu2218_66(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2218_61 -# 2218| r2218_67(glval>) = VariableAddress[(__begin)] : -# 2218| r2218_68(glval) = FunctionAddress[operator++] : -# 2218| r2218_69(iterator &) = Call[operator++] : func:r2218_68, this:r2218_67 -# 2218| v2218_70(void) = ^IndirectReadSideEffect[-1] : &:r2218_67, ~m? -# 2218| mu2218_71(iterator) = ^IndirectMayWriteSideEffect[-1] : &:r2218_67 -# 2218| r2218_72(glval>) = CopyValue : r2218_69 -#-----| Goto (back edge) -> Block 15 - # 2218| Block 19 # 2218| r2218_73(glval>) = VariableAddress[ys] : # 2218| r2218_74(glval) = FunctionAddress[~vector] : @@ -14686,18 +14686,18 @@ ir.cpp: # 2232| mu2232_10(unknown) = ^CallSideEffect : ~m? # 2232| v2232_11(void) = ^IndirectReadSideEffect[-1] : &:r2232_7, ~m? # 2232| mu2232_12(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2232_7 -# 2229| r2229_49(glval) = VariableAddress[y] : -# 2229| r2229_50(glval) = FunctionAddress[~ClassWithDestructor] : -# 2229| v2229_51(void) = Call[~ClassWithDestructor] : func:r2229_50, this:r2229_49 -# 2229| mu2229_52(unknown) = ^CallSideEffect : ~m? -# 2229| v2229_53(void) = ^IndirectReadSideEffect[-1] : &:r2229_49, ~m? -# 2229| mu2229_54(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2229_49 -# 2229| r2229_55(glval>) = VariableAddress[(__begin)] : -# 2229| r2229_56(glval) = FunctionAddress[operator++] : -# 2229| r2229_57(iterator &) = Call[operator++] : func:r2229_56, this:r2229_55 -# 2229| v2229_58(void) = ^IndirectReadSideEffect[-1] : &:r2229_55, ~m? -# 2229| mu2229_59(iterator) = ^IndirectMayWriteSideEffect[-1] : &:r2229_55 -# 2229| r2229_60(glval>) = CopyValue : r2229_57 +# 2229| r2229_49(glval>) = VariableAddress[(__begin)] : +# 2229| r2229_50(glval) = FunctionAddress[operator++] : +# 2229| r2229_51(iterator &) = Call[operator++] : func:r2229_50, this:r2229_49 +# 2229| v2229_52(void) = ^IndirectReadSideEffect[-1] : &:r2229_49, ~m? +# 2229| mu2229_53(iterator) = ^IndirectMayWriteSideEffect[-1] : &:r2229_49 +# 2229| r2229_54(glval) = VariableAddress[y] : +# 2229| r2229_55(glval) = FunctionAddress[~ClassWithDestructor] : +# 2229| v2229_56(void) = Call[~ClassWithDestructor] : func:r2229_55, this:r2229_54 +# 2229| mu2229_57(unknown) = ^CallSideEffect : ~m? +# 2229| v2229_58(void) = ^IndirectReadSideEffect[-1] : &:r2229_54, ~m? +# 2229| mu2229_59(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2229_54 +# 2229| r2229_60(glval>) = CopyValue : r2229_51 #-----| Goto (back edge) -> Block 27 # 2229| Block 29 @@ -15339,18 +15339,18 @@ ir.cpp: # 2309| mu2309_4(unknown) = ^CallSideEffect : ~m? # 2309| v2309_5(void) = ^IndirectReadSideEffect[-1] : &:r2309_1, ~m? # 2309| mu2309_6(String) = ^IndirectMayWriteSideEffect[-1] : &:r2309_1 -# 2307| r2307_60(glval) = VariableAddress[s] : -# 2307| r2307_61(glval) = FunctionAddress[~String] : -# 2307| v2307_62(void) = Call[~String] : func:r2307_61, this:r2307_60 -# 2307| mu2307_63(unknown) = ^CallSideEffect : ~m? -# 2307| v2307_64(void) = ^IndirectReadSideEffect[-1] : &:r2307_60, ~m? -# 2307| mu2307_65(String) = ^IndirectMayWriteSideEffect[-1] : &:r2307_60 -# 2307| r2307_66(glval>) = VariableAddress[(__begin)] : -# 2307| r2307_67(glval) = FunctionAddress[operator++] : -# 2307| r2307_68(iterator &) = Call[operator++] : func:r2307_67, this:r2307_66 -# 2307| v2307_69(void) = ^IndirectReadSideEffect[-1] : &:r2307_66, ~m? -# 2307| mu2307_70(iterator) = ^IndirectMayWriteSideEffect[-1] : &:r2307_66 -# 2307| r2307_71(glval>) = CopyValue : r2307_68 +# 2307| r2307_60(glval>) = VariableAddress[(__begin)] : +# 2307| r2307_61(glval) = FunctionAddress[operator++] : +# 2307| r2307_62(iterator &) = Call[operator++] : func:r2307_61, this:r2307_60 +# 2307| v2307_63(void) = ^IndirectReadSideEffect[-1] : &:r2307_60, ~m? +# 2307| mu2307_64(iterator) = ^IndirectMayWriteSideEffect[-1] : &:r2307_60 +# 2307| r2307_65(glval) = VariableAddress[s] : +# 2307| r2307_66(glval) = FunctionAddress[~String] : +# 2307| v2307_67(void) = Call[~String] : func:r2307_66, this:r2307_65 +# 2307| mu2307_68(unknown) = ^CallSideEffect : ~m? +# 2307| v2307_69(void) = ^IndirectReadSideEffect[-1] : &:r2307_65, ~m? +# 2307| mu2307_70(String) = ^IndirectMayWriteSideEffect[-1] : &:r2307_65 +# 2307| r2307_71(glval>) = CopyValue : r2307_62 #-----| Goto (back edge) -> Block 4 # 2311| Block 6 From d6c57de6505a1528448089d98eef0523c171dcf6 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 26 Apr 2024 16:05:29 +0100 Subject: [PATCH 20/30] C++: Convert one of the tests to also test the 'absolute' versions of the GuardCondition predicates. --- .../controlflow/guards/GuardsEnsure.expected | 86 +++++++++++++++++++ .../controlflow/guards/GuardsEnsure.ql | 21 ++++- 2 files changed, 104 insertions(+), 3 deletions(-) diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected index e5328aefa629..cf5a6d2c73bd 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected @@ -1,3 +1,4 @@ +binary | test.c:7:9:7:13 | ... > ... | test.c:7:9:7:9 | x | < | test.c:7:13:7:13 | 0 | 1 | 10 | 11 | | test.c:7:9:7:13 | ... > ... | test.c:7:9:7:9 | x | >= | test.c:7:13:7:13 | 0 | 1 | 7 | 9 | | test.c:7:9:7:13 | ... > ... | test.c:7:13:7:13 | 0 | < | test.c:7:9:7:9 | x | 0 | 7 | 9 | @@ -154,3 +155,88 @@ | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:12:31:13 | - ... | != | test.cpp:31:7:31:7 | x | 0 | 34 | 34 | | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:12:31:13 | - ... | == | test.cpp:31:7:31:7 | x | 0 | 30 | 30 | | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:12:31:13 | - ... | == | test.cpp:31:7:31:7 | x | 0 | 31 | 32 | +unary +| test.c:7:9:7:13 | ... > ... | test.c:7:9:7:9 | x | < | 1 | 10 | 11 | +| test.c:7:9:7:13 | ... > ... | test.c:7:9:7:9 | x | >= | 1 | 7 | 9 | +| test.c:17:8:17:12 | ... < ... | test.c:17:8:17:8 | x | < | 0 | 17 | 17 | +| test.c:17:8:17:12 | ... < ... | test.c:17:8:17:8 | x | < | 0 | 18 | 18 | +| test.c:17:8:17:21 | ... && ... | test.c:17:8:17:8 | x | < | 0 | 18 | 18 | +| test.c:17:8:17:21 | ... && ... | test.c:17:17:17:17 | y | >= | 2 | 18 | 18 | +| test.c:17:17:17:21 | ... > ... | test.c:17:17:17:17 | y | >= | 2 | 18 | 18 | +| test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | 1 | 2 | 2 | +| test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | 1 | 31 | 34 | +| test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | 1 | 34 | 34 | +| test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | 1 | 39 | 42 | +| test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | 1 | 42 | 42 | +| test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | 1 | 42 | 44 | +| test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | 1 | 45 | 45 | +| test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | 1 | 45 | 47 | +| test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | 1 | 51 | 53 | +| test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | 1 | 56 | 58 | +| test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | 1 | 58 | 58 | +| test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | 1 | 58 | 66 | +| test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | 1 | 62 | 62 | +| test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | >= | 1 | 26 | 28 | +| test.c:34:16:34:21 | ... < ... | test.c:34:16:34:16 | j | < | 10 | 34 | 34 | +| test.c:34:16:34:21 | ... < ... | test.c:34:16:34:16 | j | >= | 10 | 2 | 2 | +| test.c:34:16:34:21 | ... < ... | test.c:34:16:34:16 | j | >= | 10 | 39 | 42 | +| test.c:34:16:34:21 | ... < ... | test.c:34:16:34:16 | j | >= | 10 | 42 | 42 | +| test.c:34:16:34:21 | ... < ... | test.c:34:16:34:16 | j | >= | 10 | 42 | 44 | +| test.c:34:16:34:21 | ... < ... | test.c:34:16:34:16 | j | >= | 10 | 45 | 45 | +| test.c:34:16:34:21 | ... < ... | test.c:34:16:34:16 | j | >= | 10 | 45 | 47 | +| test.c:34:16:34:21 | ... < ... | test.c:34:16:34:16 | j | >= | 10 | 51 | 53 | +| test.c:34:16:34:21 | ... < ... | test.c:34:16:34:16 | j | >= | 10 | 56 | 58 | +| test.c:34:16:34:21 | ... < ... | test.c:34:16:34:16 | j | >= | 10 | 58 | 58 | +| test.c:34:16:34:21 | ... < ... | test.c:34:16:34:16 | j | >= | 10 | 58 | 66 | +| test.c:34:16:34:21 | ... < ... | test.c:34:16:34:16 | j | >= | 10 | 62 | 62 | +| test.c:42:16:42:21 | ... < ... | test.c:42:16:42:16 | j | < | 10 | 42 | 42 | +| test.c:42:16:42:21 | ... < ... | test.c:42:16:42:16 | j | < | 10 | 42 | 44 | +| test.c:42:16:42:21 | ... < ... | test.c:42:16:42:16 | j | < | 10 | 45 | 45 | +| test.c:42:16:42:21 | ... < ... | test.c:42:16:42:16 | j | < | 10 | 45 | 47 | +| test.c:42:16:42:21 | ... < ... | test.c:42:16:42:16 | j | < | 10 | 51 | 53 | +| test.c:44:12:44:16 | ... > ... | test.c:44:12:44:12 | z | < | 1 | 42 | 42 | +| test.c:44:12:44:16 | ... > ... | test.c:44:12:44:12 | z | < | 1 | 51 | 53 | +| test.c:44:12:44:16 | ... > ... | test.c:44:12:44:12 | z | >= | 1 | 45 | 45 | +| test.c:44:12:44:16 | ... > ... | test.c:44:12:44:12 | z | >= | 1 | 45 | 47 | +| test.c:45:16:45:20 | ... > ... | test.c:45:16:45:16 | y | >= | 1 | 45 | 47 | +| test.c:58:9:58:14 | ... == ... | test.c:58:9:58:9 | x | != | 0 | 58 | 58 | +| test.c:58:9:58:14 | ... == ... | test.c:58:9:58:9 | x | != | 0 | 62 | 62 | +| test.c:58:9:58:23 | ... \|\| ... | test.c:58:9:58:9 | x | != | 0 | 62 | 62 | +| test.c:58:9:58:23 | ... \|\| ... | test.c:58:19:58:19 | y | >= | 0 | 62 | 62 | +| test.c:58:19:58:23 | ... < ... | test.c:58:19:58:19 | y | >= | 0 | 62 | 62 | +| test.c:75:9:75:14 | ... == ... | test.c:75:9:75:9 | x | != | 0 | 78 | 79 | +| test.c:75:9:75:14 | ... == ... | test.c:75:9:75:9 | x | == | 0 | 75 | 77 | +| test.c:85:8:85:13 | ... == ... | test.c:85:8:85:8 | x | == | 0 | 85 | 85 | +| test.c:85:8:85:13 | ... == ... | test.c:85:8:85:8 | x | == | 0 | 86 | 86 | +| test.c:85:8:85:23 | ... && ... | test.c:85:8:85:8 | x | == | 0 | 86 | 86 | +| test.c:85:8:85:23 | ... && ... | test.c:85:18:85:18 | y | != | 0 | 86 | 86 | +| test.c:85:18:85:23 | ... != ... | test.c:85:18:85:18 | y | != | 0 | 86 | 86 | +| test.c:94:11:94:16 | ... != ... | test.c:94:11:94:11 | x | != | 0 | 94 | 96 | +| test.c:94:11:94:16 | ... != ... | test.c:94:11:94:11 | x | == | 0 | 70 | 70 | +| test.c:94:11:94:16 | ... != ... | test.c:94:11:94:11 | x | == | 0 | 99 | 102 | +| test.c:94:11:94:16 | ... != ... | test.c:94:11:94:11 | x | == | 0 | 102 | 102 | +| test.c:94:11:94:16 | ... != ... | test.c:94:11:94:11 | x | == | 0 | 107 | 109 | +| test.c:94:11:94:16 | ... != ... | test.c:94:11:94:11 | x | == | 0 | 109 | 109 | +| test.c:94:11:94:16 | ... != ... | test.c:94:11:94:11 | x | == | 0 | 109 | 117 | +| test.c:94:11:94:16 | ... != ... | test.c:94:11:94:11 | x | == | 0 | 113 | 113 | +| test.c:102:16:102:21 | ... < ... | test.c:102:16:102:16 | j | < | 10 | 102 | 102 | +| test.c:102:16:102:21 | ... < ... | test.c:102:16:102:16 | j | >= | 10 | 70 | 70 | +| test.c:102:16:102:21 | ... < ... | test.c:102:16:102:16 | j | >= | 10 | 107 | 109 | +| test.c:102:16:102:21 | ... < ... | test.c:102:16:102:16 | j | >= | 10 | 109 | 109 | +| test.c:102:16:102:21 | ... < ... | test.c:102:16:102:16 | j | >= | 10 | 109 | 117 | +| test.c:102:16:102:21 | ... < ... | test.c:102:16:102:16 | j | >= | 10 | 113 | 113 | +| test.c:109:9:109:14 | ... == ... | test.c:109:9:109:9 | x | != | 0 | 109 | 109 | +| test.c:109:9:109:14 | ... == ... | test.c:109:9:109:9 | x | != | 0 | 113 | 113 | +| test.c:109:9:109:23 | ... \|\| ... | test.c:109:9:109:9 | x | != | 0 | 113 | 113 | +| test.c:109:9:109:23 | ... \|\| ... | test.c:109:19:109:19 | y | >= | 0 | 113 | 113 | +| test.c:109:19:109:23 | ... < ... | test.c:109:19:109:19 | y | >= | 0 | 113 | 113 | +| test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | != | -1 | 30 | 30 | +| test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | != | -1 | 34 | 34 | +| test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | == | -1 | 30 | 30 | +| test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | == | -1 | 31 | 32 | +| test.cpp:61:10:61:10 | i | test.cpp:61:10:61:10 | i | == | 0 | 62 | 64 | +| test.cpp:61:10:61:10 | i | test.cpp:61:10:61:10 | i | == | 1 | 65 | 66 | +| test.cpp:74:10:74:10 | i | test.cpp:74:10:74:10 | i | < | 11 | 75 | 77 | +| test.cpp:74:10:74:10 | i | test.cpp:74:10:74:10 | i | < | 21 | 78 | 79 | +| test.cpp:74:10:74:10 | i | test.cpp:74:10:74:10 | i | >= | 0 | 75 | 77 | +| test.cpp:74:10:74:10 | i | test.cpp:74:10:74:10 | i | >= | 11 | 78 | 79 | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.ql b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.ql index 94aaade03ed5..59f8a399c6d4 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.ql +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.ql @@ -7,8 +7,9 @@ import cpp import semmle.code.cpp.controlflow.Guards -from GuardCondition guard, Expr left, Expr right, int k, int start, int end, string op -where +query predicate binary( + GuardCondition guard, Expr left, string op, Expr right, int k, int start, int end +) { exists(BasicBlock block | guard.ensuresLt(left, right, k, block, true) and op = "<" or @@ -20,4 +21,18 @@ where | block.hasLocationInfo(_, start, _, end, _) ) -select guard, left, op, right, k, start, end +} + +query predicate unary(GuardCondition guard, Expr left, string op, int k, int start, int end) { + exists(BasicBlock block | + guard.ensuresLt(left, k, block, true) and op = "<" + or + guard.ensuresLt(left, k, block, false) and op = ">=" + or + guard.ensuresEq(left, k, block, true) and op = "==" + or + guard.ensuresEq(left, k, block, false) and op = "!=" + | + block.hasLocationInfo(_, start, _, end, _) + ) +} From 800d7546fa1b4976ccf0058aa103e829c901e782 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Fri, 26 Apr 2024 17:17:23 +0200 Subject: [PATCH 21/30] change all the change-notes to breaking --- cpp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md | 2 +- csharp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md | 2 +- go/ql/lib/change-notes/2024-04-26-outdated-deprecations.md | 2 +- java/ql/lib/change-notes/2024-04-26-outdated-deprecations.md | 2 +- .../ql/lib/change-notes/2024-04-26-outdated-deprecations.md | 2 +- python/ql/lib/change-notes/2024-04-26-outdated-deprecations.md | 2 +- ruby/ql/lib/change-notes/2024-04-26-outdated-deprecations.md | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/cpp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md b/cpp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md index 61a02a9613d4..642e3443640a 100644 --- a/cpp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md +++ b/cpp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md @@ -1,4 +1,4 @@ --- -category: minorAnalysis +category: breaking --- * Deleted the deprecated `GlobalValueNumberingImpl.qll` implementation. diff --git a/csharp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md b/csharp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md index 2ac740557260..314bb6e01fe3 100644 --- a/csharp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md +++ b/csharp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md @@ -1,5 +1,5 @@ --- -category: minorAnalysis +category: breaking --- * Deleted the deprecated `getAssemblyName` predicate from the `Operator` class. Use `getFunctionName` instead. * Deleted the deprecated `LShiftOperator`, `RShiftOperator`, `AssignLShiftExpr`, `AssignRShiftExpr`, `LShiftExpr`, and `RShiftExpr` aliases. diff --git a/go/ql/lib/change-notes/2024-04-26-outdated-deprecations.md b/go/ql/lib/change-notes/2024-04-26-outdated-deprecations.md index 6723f78df122..2c7b522b792c 100644 --- a/go/ql/lib/change-notes/2024-04-26-outdated-deprecations.md +++ b/go/ql/lib/change-notes/2024-04-26-outdated-deprecations.md @@ -1,4 +1,4 @@ --- -category: minorAnalysis +category: breaking --- * Deleted the deprecated `CsvRemoteSource` alias. Use `MaDRemoteSource` instead. \ No newline at end of file diff --git a/java/ql/lib/change-notes/2024-04-26-outdated-deprecations.md b/java/ql/lib/change-notes/2024-04-26-outdated-deprecations.md index de3190492d39..fb245f821a82 100644 --- a/java/ql/lib/change-notes/2024-04-26-outdated-deprecations.md +++ b/java/ql/lib/change-notes/2024-04-26-outdated-deprecations.md @@ -1,4 +1,4 @@ --- -category: minorAnalysis +category: breaking --- * Deleted the deprecated `AssignLShiftExpr`, `AssignRShiftExpr`, `AssignURShiftExpr`, `LShiftExpr`, `RShiftExpr`, and `URShiftExpr` aliases. diff --git a/javascript/ql/lib/change-notes/2024-04-26-outdated-deprecations.md b/javascript/ql/lib/change-notes/2024-04-26-outdated-deprecations.md index 36444c07ac77..59a90e91ec86 100644 --- a/javascript/ql/lib/change-notes/2024-04-26-outdated-deprecations.md +++ b/javascript/ql/lib/change-notes/2024-04-26-outdated-deprecations.md @@ -1,5 +1,5 @@ --- -category: minorAnalysis +category: breaking --- * Deleted the deprecated `getInput` predicate from the `CryptographicOperation` class. Use `getAnInput` instead. * Deleted the deprecated `RegExpPatterns` module from `Regexp.qll`. diff --git a/python/ql/lib/change-notes/2024-04-26-outdated-deprecations.md b/python/ql/lib/change-notes/2024-04-26-outdated-deprecations.md index 469060fd5be5..db64f0a98312 100644 --- a/python/ql/lib/change-notes/2024-04-26-outdated-deprecations.md +++ b/python/ql/lib/change-notes/2024-04-26-outdated-deprecations.md @@ -1,5 +1,5 @@ --- -category: minorAnalysis +category: breaking --- * Deleted the deprecated `RegExpPatterns` module from `Regexp.qll`. * Deleted the deprecated `Security/CWE-020/HostnameRegexpShared.qll` file. \ No newline at end of file diff --git a/ruby/ql/lib/change-notes/2024-04-26-outdated-deprecations.md b/ruby/ql/lib/change-notes/2024-04-26-outdated-deprecations.md index 1ad9ef373827..76cc93df2aaa 100644 --- a/ruby/ql/lib/change-notes/2024-04-26-outdated-deprecations.md +++ b/ruby/ql/lib/change-notes/2024-04-26-outdated-deprecations.md @@ -1,5 +1,5 @@ --- -category: minorAnalysis +category: breaking --- * Deleted the deprecated `RegExpPatterns` module from `Regexp.qll`. * Deleted the deprecated `security/cwe-020/HostnameRegexpShared.qll` file. \ No newline at end of file From bf61114284ef8e5a5f5caeced7ed022a909e236a Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 26 Apr 2024 16:06:32 +0100 Subject: [PATCH 22/30] C++: Add a test with pointer comparisons and float comparisons. --- .../controlflow/guards/Guards.expected | 4 +++ .../controlflow/guards/GuardsCompare.expected | 8 ++++++ .../controlflow/guards/GuardsControl.expected | 4 +++ .../controlflow/guards/GuardsEnsure.expected | 4 +++ .../library-tests/controlflow/guards/test.cpp | 28 ++++++++++++++++++- 5 files changed, 47 insertions(+), 1 deletion(-) diff --git a/cpp/ql/test/library-tests/controlflow/guards/Guards.expected b/cpp/ql/test/library-tests/controlflow/guards/Guards.expected index 6eebc960ce3c..08a8a9281bb1 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/Guards.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/Guards.expected @@ -32,3 +32,7 @@ | test.cpp:61:10:61:10 | i | | test.cpp:74:10:74:10 | i | | test.cpp:84:10:84:10 | i | +| test.cpp:93:6:93:6 | c | +| test.cpp:99:6:99:6 | f | +| test.cpp:105:6:105:14 | ... != ... | +| test.cpp:111:6:111:14 | ... != ... | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected index b88856d90cf0..381175d886e0 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected @@ -119,6 +119,10 @@ | 102 | j < 10+0 when ... < ... is true | | 102 | j >= 10 when ... < ... is false | | 102 | j >= 10+0 when ... < ... is false | +| 105 | 0.0 != f+0 when ... != ... is true | +| 105 | 0.0 == f+0 when ... != ... is false | +| 105 | f != 0.0+0 when ... != ... is true | +| 105 | f == 0.0+0 when ... != ... is false | | 109 | 0 != x+0 when ... == ... is false | | 109 | 0 != x+0 when ... \|\| ... is false | | 109 | 0 < y+1 when ... < ... is false | @@ -137,3 +141,7 @@ | 109 | y >= 0 when ... \|\| ... is false | | 109 | y >= 0+0 when ... < ... is false | | 109 | y >= 0+0 when ... \|\| ... is false | +| 111 | 0.0 != i+0 when ... != ... is true | +| 111 | 0.0 == i+0 when ... != ... is false | +| 111 | i != 0.0+0 when ... != ... is true | +| 111 | i == 0.0+0 when ... != ... is false | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected index fbfaff9acf6b..62d9b0a12294 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected @@ -90,3 +90,7 @@ | test.cpp:61:10:61:10 | i | Case[1] | 65 | 66 | | test.cpp:74:10:74:10 | i | Case[0..10] | 75 | 77 | | test.cpp:74:10:74:10 | i | Case[11..20] | 78 | 79 | +| test.cpp:93:6:93:6 | c | true | 93 | 94 | +| test.cpp:99:6:99:6 | f | true | 99 | 100 | +| test.cpp:105:6:105:14 | ... != ... | true | 105 | 106 | +| test.cpp:111:6:111:14 | ... != ... | true | 111 | 112 | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected index cf5a6d2c73bd..70e35880ad66 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected @@ -155,6 +155,10 @@ binary | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:12:31:13 | - ... | != | test.cpp:31:7:31:7 | x | 0 | 34 | 34 | | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:12:31:13 | - ... | == | test.cpp:31:7:31:7 | x | 0 | 30 | 30 | | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:12:31:13 | - ... | == | test.cpp:31:7:31:7 | x | 0 | 31 | 32 | +| test.cpp:105:6:105:14 | ... != ... | test.cpp:105:6:105:6 | f | != | test.cpp:105:11:105:14 | 0.0 | 0 | 105 | 106 | +| test.cpp:105:6:105:14 | ... != ... | test.cpp:105:11:105:14 | 0.0 | != | test.cpp:105:6:105:6 | f | 0 | 105 | 106 | +| test.cpp:111:6:111:14 | ... != ... | test.cpp:111:6:111:6 | i | != | test.cpp:111:11:111:14 | 0.0 | 0 | 111 | 112 | +| test.cpp:111:6:111:14 | ... != ... | test.cpp:111:11:111:14 | 0.0 | != | test.cpp:111:6:111:6 | i | 0 | 111 | 112 | unary | test.c:7:9:7:13 | ... > ... | test.c:7:9:7:9 | x | < | 1 | 10 | 11 | | test.c:7:9:7:13 | ... > ... | test.c:7:9:7:9 | x | >= | 1 | 7 | 9 | diff --git a/cpp/ql/test/library-tests/controlflow/guards/test.cpp b/cpp/ql/test/library-tests/controlflow/guards/test.cpp index 3a60f5f026e7..84d02ca4efa5 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/test.cpp +++ b/cpp/ql/test/library-tests/controlflow/guards/test.cpp @@ -85,4 +85,30 @@ void test_switches_default(int i) { default: use1(i); } -} \ No newline at end of file +} + +void use(...); + +void pointer_comparison(char* c) { + if(c) { + use(c); + } +} + +void implicit_float_comparison(float f) { + if(f) { + use(f); + } +} + +void explicit_float_comparison(float f) { + if(f != 0.0f) { + use(f); + } +} + +void int_float_comparison(int i) { + if(i != 0.0f) { + use(i); + } +} From c10e00d389a211843e5c29dec3ddc673f9c8030e Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 26 Apr 2024 16:18:52 +0100 Subject: [PATCH 23/30] C++: Add a subclass for constant instructions with pointer type. --- .../implementation/aliased_ssa/Instruction.qll | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll index 189ffce2903e..d8fec6b61340 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll @@ -995,9 +995,8 @@ class ConstantInstruction extends ConstantValueInstruction { */ class IntegerConstantInstruction extends ConstantInstruction { IntegerConstantInstruction() { - exists(IRType resultType | - resultType = this.getResultIRType() and - (resultType instanceof IRIntegerType or resultType instanceof IRBooleanType) + exists(IRType resultType | resultType = this.getResultIRType() | + resultType instanceof IRIntegerType or resultType instanceof IRBooleanType ) } } @@ -1009,6 +1008,17 @@ class FloatConstantInstruction extends ConstantInstruction { FloatConstantInstruction() { this.getResultIRType() instanceof IRFloatingPointType } } +/** + * An instruction whose result is a constant value of a pointer type. + */ +class PointerConstantInstruction extends ConstantInstruction { + PointerConstantInstruction() { + exists(IRType resultType | resultType = this.getResultIRType() | + resultType instanceof IRAddressType or resultType instanceof IRFunctionAddressType + ) + } +} + /** * An instruction whose result is the address of a string literal. */ From e78091e9d02497ae050e804ce588354707bdec95 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 26 Apr 2024 16:19:02 +0100 Subject: [PATCH 24/30] C++: Sync identical files. --- .../cpp/ir/implementation/raw/Instruction.qll | 16 +++++++++++++--- .../implementation/unaliased_ssa/Instruction.qll | 16 +++++++++++++--- 2 files changed, 26 insertions(+), 6 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll index 189ffce2903e..d8fec6b61340 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll @@ -995,9 +995,8 @@ class ConstantInstruction extends ConstantValueInstruction { */ class IntegerConstantInstruction extends ConstantInstruction { IntegerConstantInstruction() { - exists(IRType resultType | - resultType = this.getResultIRType() and - (resultType instanceof IRIntegerType or resultType instanceof IRBooleanType) + exists(IRType resultType | resultType = this.getResultIRType() | + resultType instanceof IRIntegerType or resultType instanceof IRBooleanType ) } } @@ -1009,6 +1008,17 @@ class FloatConstantInstruction extends ConstantInstruction { FloatConstantInstruction() { this.getResultIRType() instanceof IRFloatingPointType } } +/** + * An instruction whose result is a constant value of a pointer type. + */ +class PointerConstantInstruction extends ConstantInstruction { + PointerConstantInstruction() { + exists(IRType resultType | resultType = this.getResultIRType() | + resultType instanceof IRAddressType or resultType instanceof IRFunctionAddressType + ) + } +} + /** * An instruction whose result is the address of a string literal. */ diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll index 189ffce2903e..d8fec6b61340 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll @@ -995,9 +995,8 @@ class ConstantInstruction extends ConstantValueInstruction { */ class IntegerConstantInstruction extends ConstantInstruction { IntegerConstantInstruction() { - exists(IRType resultType | - resultType = this.getResultIRType() and - (resultType instanceof IRIntegerType or resultType instanceof IRBooleanType) + exists(IRType resultType | resultType = this.getResultIRType() | + resultType instanceof IRIntegerType or resultType instanceof IRBooleanType ) } } @@ -1009,6 +1008,17 @@ class FloatConstantInstruction extends ConstantInstruction { FloatConstantInstruction() { this.getResultIRType() instanceof IRFloatingPointType } } +/** + * An instruction whose result is a constant value of a pointer type. + */ +class PointerConstantInstruction extends ConstantInstruction { + PointerConstantInstruction() { + exists(IRType resultType | resultType = this.getResultIRType() | + resultType instanceof IRAddressType or resultType instanceof IRFunctionAddressType + ) + } +} + /** * An instruction whose result is the address of a string literal. */ From b78537dd74e6d49a1790558fc02e4dd3cf106a9d Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 26 Apr 2024 16:19:24 +0100 Subject: [PATCH 25/30] C++: Allow comparisons with pointer types in IRGuards. --- cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll index ee419dd70249..bcd214ec0000 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll @@ -1156,5 +1156,14 @@ private predicate add_eq( ) } +private class IntegerOrPointerConstantInstruction extends ConstantInstruction { + IntegerOrPointerConstantInstruction() { + this instanceof IntegerConstantInstruction or + this instanceof PointerConstantInstruction + } +} + /** The int value of integer constant expression. */ -private int int_value(Instruction i) { result = i.(IntegerConstantInstruction).getValue().toInt() } +private int int_value(Instruction i) { + result = i.(IntegerOrPointerConstantInstruction).getValue().toInt() +} From d18cdee0bc707f0c0a223c905ecc4d0d16aaae90 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 26 Apr 2024 16:19:33 +0100 Subject: [PATCH 26/30] C++: Accept test changes. --- .../test/library-tests/controlflow/guards-ir/tests.expected | 6 ++++++ .../library-tests/controlflow/guards/GuardsCompare.expected | 4 ++++ .../library-tests/controlflow/guards/GuardsEnsure.expected | 2 ++ 3 files changed, 12 insertions(+) diff --git a/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected b/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected index cc29559d5d31..943d7028a5d2 100644 --- a/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected +++ b/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected @@ -56,6 +56,8 @@ astGuardsCompare | 17 | y < 1+1 when ... > ... is false | | 17 | y >= 1+1 when ... && ... is true | | 17 | y >= 1+1 when ... > ... is true | +| 18 | call to get != 0 when call to get is true | +| 18 | call to get == 0 when call to get is false | | 26 | 0 < x+0 when ... > ... is true | | 26 | 0 >= x+0 when ... > ... is false | | 26 | x < 0+1 when ... > ... is false | @@ -487,6 +489,7 @@ astGuardsEnsure_const | test.c:109:9:109:23 | ... \|\| ... | test.c:109:9:109:9 | x | != | 0 | 113 | 113 | | test.c:175:13:175:32 | ... == ... | test.c:175:13:175:15 | call to foo | != | 0 | 175 | 175 | | test.c:175:13:175:32 | ... == ... | test.c:175:13:175:15 | call to foo | == | 0 | 175 | 175 | +| test.cpp:18:8:18:10 | call to get | test.cpp:18:8:18:10 | call to get | != | 0 | 19 | 19 | | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | != | -1 | 30 | 30 | | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | != | -1 | 34 | 34 | | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | == | -1 | 30 | 30 | @@ -545,6 +548,8 @@ irGuardsCompare | 17 | y < 2 when CompareGT: ... > ... is false | | 17 | y >= 1+1 when CompareGT: ... > ... is true | | 17 | y >= 2 when CompareGT: ... > ... is true | +| 18 | call to get != 0 when CompareNE: (bool)... is true | +| 18 | call to get == 0 when CompareNE: (bool)... is false | | 26 | 0 < x+0 when CompareGT: ... > ... is true | | 26 | 0 >= x+0 when CompareGT: ... > ... is false | | 26 | x < 0+1 when CompareGT: ... > ... is false | @@ -996,6 +1001,7 @@ irGuardsEnsure_const | test.c:109:19:109:23 | CompareLT: ... < ... | test.c:109:19:109:19 | Load: y | >= | 0 | 113 | 113 | | test.c:175:13:175:32 | CompareEQ: ... == ... | test.c:175:13:175:15 | Call: call to foo | != | 0 | 175 | 175 | | test.c:175:13:175:32 | CompareEQ: ... == ... | test.c:175:13:175:15 | Call: call to foo | == | 0 | 175 | 175 | +| test.cpp:18:8:18:12 | CompareNE: (bool)... | test.cpp:18:8:18:10 | Call: call to get | != | 0 | 19 | 19 | | test.cpp:31:7:31:13 | CompareEQ: ... == ... | test.cpp:31:7:31:7 | Load: x | != | -1 | 34 | 34 | | test.cpp:31:7:31:13 | CompareEQ: ... == ... | test.cpp:31:7:31:7 | Load: x | == | -1 | 30 | 30 | | test.cpp:31:7:31:13 | CompareEQ: ... == ... | test.cpp:31:7:31:7 | Load: x | == | -1 | 32 | 32 | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected index 381175d886e0..756140604e13 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected @@ -22,6 +22,8 @@ | 17 | y >= 1+1 when ... > ... is true | | 17 | y >= 2 when ... && ... is true | | 17 | y >= 2 when ... > ... is true | +| 18 | call to get != 0 when call to get is true | +| 18 | call to get == 0 when call to get is false | | 26 | 0 < x+0 when ... > ... is true | | 26 | 0 >= x+0 when ... > ... is false | | 26 | x < 0+1 when ... > ... is false | @@ -107,6 +109,8 @@ | 85 | y != 0+0 when ... && ... is true | | 85 | y == 0 when ... != ... is false | | 85 | y == 0+0 when ... != ... is false | +| 93 | c != 0 when c is true | +| 93 | c == 0 when c is false | | 94 | 0 != x+0 when ... != ... is true | | 94 | 0 == x+0 when ... != ... is false | | 94 | x != 0 when ... != ... is true | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected index 70e35880ad66..f9eaced1276a 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected @@ -234,6 +234,7 @@ unary | test.c:109:9:109:23 | ... \|\| ... | test.c:109:9:109:9 | x | != | 0 | 113 | 113 | | test.c:109:9:109:23 | ... \|\| ... | test.c:109:19:109:19 | y | >= | 0 | 113 | 113 | | test.c:109:19:109:23 | ... < ... | test.c:109:19:109:19 | y | >= | 0 | 113 | 113 | +| test.cpp:18:8:18:10 | call to get | test.cpp:18:8:18:10 | call to get | != | 0 | 19 | 19 | | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | != | -1 | 30 | 30 | | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | != | -1 | 34 | 34 | | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | == | -1 | 30 | 30 | @@ -244,3 +245,4 @@ unary | test.cpp:74:10:74:10 | i | test.cpp:74:10:74:10 | i | < | 21 | 78 | 79 | | test.cpp:74:10:74:10 | i | test.cpp:74:10:74:10 | i | >= | 0 | 75 | 77 | | test.cpp:74:10:74:10 | i | test.cpp:74:10:74:10 | i | >= | 11 | 78 | 79 | +| test.cpp:93:6:93:6 | c | test.cpp:93:6:93:6 | c | != | 0 | 93 | 94 | From 8b23f6db1022ec518962db98d5b882b244d3e66b Mon Sep 17 00:00:00 2001 From: Harry Maclean Date: Sat, 27 Apr 2024 09:53:07 +0100 Subject: [PATCH 27/30] Ruby: Add URI.open example to rb/kernel-open qhelp --- .../queries/security/cwe-078/examples/file_open.rb | 13 ++++++++----- .../security/cwe-078/examples/kernel_open.rb | 7 ++++++- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/ruby/ql/src/queries/security/cwe-078/examples/file_open.rb b/ruby/ql/src/queries/security/cwe-078/examples/file_open.rb index 3ce1f44817f9..1e0c13d6aca3 100644 --- a/ruby/ql/src/queries/security/cwe-078/examples/file_open.rb +++ b/ruby/ql/src/queries/security/cwe-078/examples/file_open.rb @@ -1,6 +1,9 @@ class UsersController < ActionController::Base - def create - filename = params[:filename] - File.open(filename) - end - end \ No newline at end of file + def create + filename = params[:filename] + File.open(filename) + + web_page = params[:web_page] + Net::HTTP.get(URI.parse(web_page)) + end +end diff --git a/ruby/ql/src/queries/security/cwe-078/examples/kernel_open.rb b/ruby/ql/src/queries/security/cwe-078/examples/kernel_open.rb index 84f8bc8db7d4..ce14c11acede 100644 --- a/ruby/ql/src/queries/security/cwe-078/examples/kernel_open.rb +++ b/ruby/ql/src/queries/security/cwe-078/examples/kernel_open.rb @@ -1,6 +1,11 @@ +require "open-uri" + class UsersController < ActionController::Base def create filename = params[:filename] open(filename) # BAD + + web_page = params[:web_page] + URI.open(web_page) # BAD - calls `Kernel.open` internally end -end \ No newline at end of file +end From d62e888b86904d9541490388857b3cfa36d67471 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 29 Apr 2024 09:27:12 +0200 Subject: [PATCH 28/30] C#: Code quality improvements. --- .../Assets.cs | 6 +++--- .../DependencyContainer.cs | 10 +++++----- .../NugetPackageRestorer.cs | 13 +++++-------- 3 files changed, 13 insertions(+), 16 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Assets.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Assets.cs index 511db0871d9a..4082146f5920 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Assets.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Assets.cs @@ -17,7 +17,7 @@ internal class Assets private readonly ILogger logger; /// - /// Contains the dependencies found in the parsed asset files. + /// Contains the dependencies found in the parsed assets files. /// public DependencyContainer Dependencies { get; } = new(); @@ -225,7 +225,7 @@ private static bool TryReadAllText(string path, ILogger logger, [NotNullWhen(ret /// /// Add the dependencies from the assets file to the dependencies. /// - /// Path to an asset file. + /// Path to an assets file. public void AddDependencies(string asset) { if (TryReadAllText(asset, logger, out var json)) @@ -237,7 +237,7 @@ public void AddDependencies(string asset) /// /// Add the dependencies from the assets files to the dependencies. /// - /// Collection of paths to asset files. + /// Collection of paths to assets files. public void AddDependenciesRange(IEnumerable assets) => assets.ForEach(AddDependencies); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyContainer.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyContainer.cs index 6251fa321243..230731104124 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyContainer.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyContainer.cs @@ -45,7 +45,7 @@ public void Add(string package, string dependency) var p = package.Replace('/', Path.DirectorySeparatorChar); var d = dependency.Replace('/', Path.DirectorySeparatorChar); - // In most cases paths in asset files point to dll's or the empty _._ file. + // In most cases paths in assets files point to dll's or the empty _._ file. // That is, for _._ we don't need to add anything. if (Path.GetFileName(d) == "_._") { @@ -74,11 +74,11 @@ internal static class DependencyContainerExtensions /// /// Flatten a list of containers into a single container. /// - public static DependencyContainer Flatten(this IEnumerable container) => - container.Aggregate(new DependencyContainer(), (acc, c) => + public static DependencyContainer Flatten(this IEnumerable containers, DependencyContainer init) => + containers.Aggregate(init, (acc, container) => { - acc.Paths.UnionWith(c.Paths); - acc.Packages.UnionWith(c.Packages); + acc.Paths.UnionWith(container.Paths); + acc.Packages.UnionWith(container.Packages); return acc; }); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs index 371b33dfecaa..307be1244eb5 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs @@ -1,4 +1,5 @@ using System; +using System.Collections.Concurrent; using System.Collections.Generic; using System.IO; using System.Linq; @@ -148,8 +149,7 @@ public HashSet Restore() var projects = fileProvider.Projects.Except(restoredProjects); RestoreProjects(projects, out var containers); - containers.Add(container); - var dependencies = containers.Flatten(); + var dependencies = containers.Flatten(container); var paths = dependencies .Paths @@ -235,11 +235,11 @@ private IEnumerable RestoreSolutions(out DependencyContainer dependencie /// Populates dependencies with the relative paths to the assets files generated by the restore. /// /// A list of paths to project files. - private void RestoreProjects(IEnumerable projects, out List dependencies) + private void RestoreProjects(IEnumerable projects, out ConcurrentBag dependencies) { var successCount = 0; var nugetSourceFailures = 0; - List collectedDependencies = []; + ConcurrentBag collectedDependencies = []; var sync = new object(); var projectGroups = projects.GroupBy(Path.GetDirectoryName); Parallel.ForEach(projectGroups, new ParallelOptions { MaxDegreeOfParallelism = DependencyManager.Threads }, projectGroup => @@ -262,10 +262,7 @@ private void RestoreProjects(IEnumerable projects, out List Date: Mon, 29 Apr 2024 11:17:24 +0100 Subject: [PATCH 29/30] Ruby: Reduce FPs for rb/incomplete-hostname-regexp Arguments in calls to `match[?]` should only be considered regular expression interpretations if the `match` refers to the standard library method, not a method in source code. --- ruby/ql/lib/codeql/ruby/Regexp.qll | 4 +++- .../IncompleteHostnameRegExp.expected | 1 + .../tst-IncompleteHostnameRegExp.rb | 14 ++++++++++++++ 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/ruby/ql/lib/codeql/ruby/Regexp.qll b/ruby/ql/lib/codeql/ruby/Regexp.qll index 1abcee8d2d16..6ca1d40dc632 100644 --- a/ruby/ql/lib/codeql/ruby/Regexp.qll +++ b/ruby/ql/lib/codeql/ruby/Regexp.qll @@ -122,7 +122,9 @@ class StdLibRegExpInterpretation extends RegExpInterpretation::Range { mce.getMethodName() = ["match", "match?"] and this = mce.getArgument(0) and // exclude https://ruby-doc.org/core-2.4.0/Regexp.html#method-i-match - not mce.getReceiver() = RegExpTracking::trackRegexpType() + not mce.getReceiver() = RegExpTracking::trackRegexpType() and + // exclude non-stdlib methods + not exists(mce.getATarget()) ) } } diff --git a/ruby/ql/test/query-tests/security/cwe-020/IncompleteHostnameRegExp/IncompleteHostnameRegExp.expected b/ruby/ql/test/query-tests/security/cwe-020/IncompleteHostnameRegExp/IncompleteHostnameRegExp.expected index 9110e245cd63..097f43c33e70 100644 --- a/ruby/ql/test/query-tests/security/cwe-020/IncompleteHostnameRegExp/IncompleteHostnameRegExp.expected +++ b/ruby/ql/test/query-tests/security/cwe-020/IncompleteHostnameRegExp/IncompleteHostnameRegExp.expected @@ -28,3 +28,4 @@ | tst-IncompleteHostnameRegExp.rb:48:42:48:67 | ^https?://.+.example\\.com/ | This string, which is used as a regular expression $@, has an unescaped '.' before 'example\\.com/', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.rb:48:13:48:69 | ... + ... | here | | tst-IncompleteHostnameRegExp.rb:48:42:48:67 | ^https?://.+.example\\.com/ | This string, which is used as a regular expression $@, has an unrestricted wildcard '.+' which may cause 'example\\.com/' to be matched anywhere in the URL, outside the hostname. | tst-IncompleteHostnameRegExp.rb:48:13:48:69 | ... + ... | here | | tst-IncompleteHostnameRegExp.rb:59:5:59:20 | foo.example\\.com | This regular expression has an unescaped '.' before 'example\\.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.rb:59:2:59:32 | /^(foo.example\\.com\|whatever)$/ | here | +| tst-IncompleteHostnameRegExp.rb:81:11:81:34 | ^http://test.example.com | This string, which is used as a regular expression $@, has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.rb:77:22:77:22 | x | here | diff --git a/ruby/ql/test/query-tests/security/cwe-020/IncompleteHostnameRegExp/tst-IncompleteHostnameRegExp.rb b/ruby/ql/test/query-tests/security/cwe-020/IncompleteHostnameRegExp/tst-IncompleteHostnameRegExp.rb index 91770040110a..7041e4dc9c46 100644 --- a/ruby/ql/test/query-tests/security/cwe-020/IncompleteHostnameRegExp/tst-IncompleteHostnameRegExp.rb +++ b/ruby/ql/test/query-tests/security/cwe-020/IncompleteHostnameRegExp/tst-IncompleteHostnameRegExp.rb @@ -65,3 +65,17 @@ def convert1(domain) def convert2(domain) return Regexp.new(domain[:hostname]); end + +class A + def self.match?(x) = true +end + +A.match?("^http://test.example.com") # OK + +class B + def self.match?(x) + some_string.match?(x) + end +end + +B.match?("^http://test.example.com") # NOT OK From a28f87fff061164c93a75344151b8148f8344a27 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Mon, 29 Apr 2024 13:31:48 +0200 Subject: [PATCH 30/30] Bazel: add empty registry override This will unblock work in parallel on two separate PRs that require patching different modules. --- .bazelrc | 3 + .bazelrc.internal | 4 + misc/bazel/registry/AUTHORS | 7 + misc/bazel/registry/LICENSE | 202 ++++++++++++++++++++++++ misc/bazel/registry/NOTICE | 3 + misc/bazel/registry/README.md | 3 + misc/bazel/registry/bazel_registry.json | 3 + misc/bazel/registry/fix.py | 55 +++++++ 8 files changed, 280 insertions(+) create mode 100644 .bazelrc.internal create mode 100644 misc/bazel/registry/AUTHORS create mode 100644 misc/bazel/registry/LICENSE create mode 100644 misc/bazel/registry/NOTICE create mode 100644 misc/bazel/registry/README.md create mode 100644 misc/bazel/registry/bazel_registry.json create mode 100755 misc/bazel/registry/fix.py diff --git a/.bazelrc b/.bazelrc index 12232b4bbd68..0a49f682da37 100644 --- a/.bazelrc +++ b/.bazelrc @@ -14,4 +14,7 @@ build:linux --cxxopt=-std=c++20 build:macos --cxxopt=-std=c++20 --cpu=darwin_x86_64 build:windows --cxxopt=/std:c++20 --cxxopt=/Zc:preprocessor +common --registry=file:///%workspace%/misc/bazel/registry +common --registry=https://bcr.bazel.build + try-import %workspace%/local.bazelrc diff --git a/.bazelrc.internal b/.bazelrc.internal new file mode 100644 index 000000000000..cdffa9ccdea6 --- /dev/null +++ b/.bazelrc.internal @@ -0,0 +1,4 @@ +# this file should contain bazel settings required to build things from `semmle-code` + +common --registry=file:///%workspace%/ql/misc/bazel/registry +common --registry=https://bcr.bazel.build diff --git a/misc/bazel/registry/AUTHORS b/misc/bazel/registry/AUTHORS new file mode 100644 index 000000000000..42818b292e7c --- /dev/null +++ b/misc/bazel/registry/AUTHORS @@ -0,0 +1,7 @@ +# This is the list of Bazel's significant contributors. +# +# This does not necessarily list everyone who has contributed code, +# especially since many employees of one corporation may be contributing. +# To see the full list of contributors, see the revision history in +# source control. +Google LLC diff --git a/misc/bazel/registry/LICENSE b/misc/bazel/registry/LICENSE new file mode 100644 index 000000000000..d64569567334 --- /dev/null +++ b/misc/bazel/registry/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/misc/bazel/registry/NOTICE b/misc/bazel/registry/NOTICE new file mode 100644 index 000000000000..95329ae18f60 --- /dev/null +++ b/misc/bazel/registry/NOTICE @@ -0,0 +1,3 @@ +The files in this directory where originally taken from http://github.com/bazelbuild/bazel-central-registry and are +a derivative work thereof, distributed under the Apache 2.0 license, with the following exceptions: +* the `fix.py` file was added under the MIT license as the rest of the `codeql` repository. diff --git a/misc/bazel/registry/README.md b/misc/bazel/registry/README.md new file mode 100644 index 000000000000..5d1723d0eacb --- /dev/null +++ b/misc/bazel/registry/README.md @@ -0,0 +1,3 @@ +Versions to be patched can be taken from https://github.com/bazelbuild/bazel-central-repository. After adding patches +inside `//patches`, and eventually renaming ``, run [`fix.py`](./fix.py) to align all metadata +to the renamed version and added patches. diff --git a/misc/bazel/registry/bazel_registry.json b/misc/bazel/registry/bazel_registry.json new file mode 100644 index 000000000000..ea3f94f7a1e4 --- /dev/null +++ b/misc/bazel/registry/bazel_registry.json @@ -0,0 +1,3 @@ +{ + "mirrors": [] +} diff --git a/misc/bazel/registry/fix.py b/misc/bazel/registry/fix.py new file mode 100755 index 000000000000..a2b947e19e20 --- /dev/null +++ b/misc/bazel/registry/fix.py @@ -0,0 +1,55 @@ +#!/usr/bin/env python3 + +# Copyright (c) 2024 GitHub, Inc. + +""" +Fix metadata in overridden registry, updating `metadata.json` to list correct versions and `source.json` +to list correct patches with sha256 hashes. +""" + +import pathlib +import json +import base64 +import hashlib +import re + +this_dir = pathlib.Path(__file__).resolve().parent + + +def sha256(file): + with open(file, 'rb') as input: + hash = hashlib.sha256(input.read()).digest() + hash = base64.b64encode(hash).decode() + return f"sha256-{hash}" + + +def patch_file(file, f): + try: + data = file.read_text() + except FileNotFoundError: + data = None + file.write_text(f(data)) + + +def patch_json(file, **kwargs): + def update(data): + data = json.loads(data) if data else {} + data.update(kwargs) + return json.dumps(data, indent=4) + "\n" + + patch_file(file, update) + + +for entry in this_dir.joinpath("modules").iterdir(): + if not entry.is_dir(): + continue + versions = [e for e in entry.iterdir() if e.is_dir()] + + patch_json(entry / "metadata.json", versions=[v.name for v in versions]) + + for version in versions: + patch_json(version / "source.json", patches={ + p.name: sha256(p) for p in version.joinpath("patches").iterdir() + }) + patch_file(version / "MODULE.bazel", + lambda s: re.sub(r'''version\s*=\s*['"].*['"]''', f'version = "{version.name}"', s, 1))