From 4a55b6fbdfcc5c08135c47d945eb43768b8c77f3 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Mon, 18 Mar 2024 15:02:33 +0000
Subject: [PATCH 1/2] C++: Make 'cpp/uninitialized-local' a path-problem query.
---
 .../Memory Management/UninitializedLocal.ql | 5 ++-
 .../semmle/tests/UninitializedLocal.expected | 42 +++++++++++++------
 2 files changed, 32 insertions(+), 15 deletions(-)
diff --git a/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql b/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql
index f8bac113eb98..35bee25c9f5f 100644
--- a/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql
+++ b/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql
@@ -2,7 +2,7 @@
  * @name Potentially uninitialized local variable
  * @description Reading from a local variable that has not been assigned to
  * will typically yield garbage.
- * @kind problem
+ * @kind path-problem
  * @id cpp/uninitialized-local
  * @problem.severity warning
  * @security-severity 7.8
@@ -15,6 +15,7 @@
 import cpp
 import semmle.code.cpp.ir.IR
 import semmle.code.cpp.ir.dataflow.MustFlow
+import PathGraph
 
 /**
  * Auxiliary predicate: Types that don't require initialization
@@ -89,4 +90,4 @@ where
 conf.hasFlowPath(source, sink) and
 isSinkImpl(sink.getInstruction(), va) and
 v = va.getTarget()
-select va, "The variable $@ may not be initialized at this access.", v, v.getName()
+select va, source, sink, "The variable $@ may not be initialized at this access.", v, v.getName()
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected
index 7b5233f45b49..d27b2c996b33 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected
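Review bot: The path attached to the new `select` in the last hunk is degenerate: the accompanying `.expected` hunk shows an empty `edges` section and every `#select` row carries the same location for `source` and `sink` (for example `test.cpp:11:6:11:8 | definition of foo` twice), so the path view adds nothing beyond the `$@` link to `v` that the problem-kind query already had. If the intent is to show the flow from the uninitialized definition to the read, the sink path node presumably needs to be the node corresponding to the access `va` rather than the definition instruction that `isSinkImpl` is matched against; how `MustFlow` constructs its path nodes is outside this hunk, so that is inferred. Until that is settled, a comment above the select such as `// source and sink currently coincide at the variable's definition; the read itself is reported via va` would keep readers from assuming the path ends at the access. The `where` clause this hunk belongs to starts outside the hunk.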
@@ -1,13 +1,29 @@
-| test.cpp:12:6:12:8 | foo | The variable $@ may not be initialized at this access. | test.cpp:11:6:11:8 | foo | foo |
-| test.cpp:113:6:113:8 | foo | The variable $@ may not be initialized at this access. | test.cpp:111:6:111:8 | foo | foo |
-| test.cpp:219:3:219:3 | x | The variable $@ may not be initialized at this access. | test.cpp:218:7:218:7 | x | x |
-| test.cpp:243:13:243:13 | i | The variable $@ may not be initialized at this access. | test.cpp:241:6:241:6 | i | i |
-| test.cpp:336:10:336:10 | a | The variable $@ may not be initialized at this access. | test.cpp:333:7:333:7 | a | a |
-| test.cpp:369:10:369:10 | a | The variable $@ may not be initialized at this access. | test.cpp:358:7:358:7 | a | a |
-| test.cpp:378:9:378:11 | val | The variable $@ may not be initialized at this access. | test.cpp:359:6:359:8 | val | val |
-| test.cpp:417:10:417:10 | j | The variable $@ may not be initialized at this access. | test.cpp:414:9:414:9 | j | j |
-| test.cpp:436:9:436:9 | j | The variable $@ may not be initialized at this access. | test.cpp:431:9:431:9 | j | j |
-| test.cpp:454:2:454:2 | x | The variable $@ may not be initialized at this access. | test.cpp:452:6:452:6 | x | x |
-| test.cpp:460:7:460:7 | x | The variable $@ may not be initialized at this access. | test.cpp:458:6:458:6 | x | x |
-| test.cpp:467:2:467:2 | x | The variable $@ may not be initialized at this access. | test.cpp:464:6:464:6 | x | x |
-| test.cpp:474:7:474:7 | x | The variable $@ may not be initialized at this access. | test.cpp:471:6:471:6 | x | x |
+edges
+nodes
+| test.cpp:11:6:11:8 | definition of foo | semmle.label | definition of foo |
+| test.cpp:111:6:111:8 | definition of foo | semmle.label | definition of foo |
+| test.cpp:218:7:218:7 | definition of x | semmle.label | definition of x |
+| test.cpp:241:6:241:6 | definition of i | semmle.label | definition of i |
+| test.cpp:333:7:333:7 | definition of a | semmle.label | definition of a |
+| test.cpp:358:7:358:7 | definition of a | semmle.label | definition of a |
+| test.cpp:359:6:359:8 | definition of val | semmle.label | definition of val |
+| test.cpp:414:9:414:9 | definition of j | semmle.label | definition of j |
+| test.cpp:431:9:431:9 | definition of j | semmle.label | definition of j |
+| test.cpp:452:6:452:6 | definition of x | semmle.label | definition of x |
+| test.cpp:458:6:458:6 | definition of x | semmle.label | definition of x |
+| test.cpp:464:6:464:6 | definition of x | semmle.label | definition of x |
+| test.cpp:471:6:471:6 | definition of x | semmle.label | definition of x |
+#select
+| test.cpp:12:6:12:8 | foo | test.cpp:11:6:11:8 | definition of foo | test.cpp:11:6:11:8 | definition of foo | The variable $@ may not be initialized at this access. | test.cpp:11:6:11:8 | foo | foo |
+| test.cpp:113:6:113:8 | foo | test.cpp:111:6:111:8 | definition of foo | test.cpp:111:6:111:8 | definition of foo | The variable $@ may not be initialized at this access. | test.cpp:111:6:111:8 | foo | foo |
+| test.cpp:219:3:219:3 | x | test.cpp:218:7:218:7 | definition of x | test.cpp:218:7:218:7 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:218:7:218:7 | x | x |
+| test.cpp:243:13:243:13 | i | test.cpp:241:6:241:6 | definition of i | test.cpp:241:6:241:6 | definition of i | The variable $@ may not be initialized at this access. | test.cpp:241:6:241:6 | i | i |
+| test.cpp:336:10:336:10 | a | test.cpp:333:7:333:7 | definition of a | test.cpp:333:7:333:7 | definition of a | The variable $@ may not be initialized at this access. | test.cpp:333:7:333:7 | a | a |
+| test.cpp:369:10:369:10 | a | test.cpp:358:7:358:7 | definition of a | test.cpp:358:7:358:7 | definition of a | The variable $@ may not be initialized at this access. | test.cpp:358:7:358:7 | a | a |
+| test.cpp:378:9:378:11 | val | test.cpp:359:6:359:8 | definition of val | test.cpp:359:6:359:8 | definition of val | The variable $@ may not be initialized at this access. | test.cpp:359:6:359:8 | val | val |
+| test.cpp:417:10:417:10 | j | test.cpp:414:9:414:9 | definition of j | test.cpp:414:9:414:9 | definition of j | The variable $@ may not be initialized at this access. | test.cpp:414:9:414:9 | j | j |
+| test.cpp:436:9:436:9 | j | test.cpp:431:9:431:9 | definition of j | test.cpp:431:9:431:9 | definition of j | The variable $@ may not be initialized at this access. | test.cpp:431:9:431:9 | j | j |
+| test.cpp:454:2:454:2 | x | test.cpp:452:6:452:6 | definition of x | test.cpp:452:6:452:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:452:6:452:6 | x | x |
+| test.cpp:460:7:460:7 | x | test.cpp:458:6:458:6 | definition of x | test.cpp:458:6:458:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:458:6:458:6 | x | x |
+| test.cpp:467:2:467:2 | x | test.cpp:464:6:464:6 | definition of x | test.cpp:464:6:464:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:464:6:464:6 | x | x |
+| test.cpp:474:7:474:7 | x | test.cpp:471:6:471:6 | definition of x | test.cpp:471:6:471:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:471:6:471:6 | x | x |
From bd0969b87b05918dbd2f9883a46daa98bd8cab04 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Mon, 18 Mar 2024 15:04:19 +0000
Subject: [PATCH 2/2] C++: Add change note.
---
 .../2024-03-18-uninitialized-local-path-problem.md | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 cpp/ql/src/change-notes/2024-03-18-uninitialized-local-path-problem.md
diff --git a/cpp/ql/src/change-notes/2024-03-18-uninitialized-local-path-problem.md b/cpp/ql/src/change-notes/2024-03-18-uninitialized-local-path-problem.md
new file mode 100644
index 000000000000..14a8c2e7ce74
--- /dev/null
+++ b/cpp/ql/src/change-notes/2024-03-18-uninitialized-local-path-problem.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The "Potentially uninitialized local variable" query (`cpp/uninitialized-local`) has been converted to a `path-problem` query.
\ No newline at end of file