Skip to content

Commit

Permalink
Rust: Add additional data flow tests
Browse files Browse the repository at this point in the history
  • Loading branch information
paldepind committed Dec 11, 2024
1 parent 066cfa3 commit e8357a6
Show file tree
Hide file tree
Showing 6 changed files with 132 additions and 99 deletions.
33 changes: 33 additions & 0 deletions rust/ql/test/library-tests/dataflow/closures/inline-flow.expected
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
models
edges
| main.rs:11:20:11:52 | if cond {...} else {...} | main.rs:12:10:12:16 | f(...) | provenance | |
| main.rs:11:30:11:39 | source(...) | main.rs:11:20:11:52 | if cond {...} else {...} | provenance | |
| main.rs:16:20:16:23 | ... | main.rs:18:18:18:21 | data | provenance | |
| main.rs:22:13:22:22 | source(...) | main.rs:23:13:23:13 | a | provenance | |
| main.rs:23:13:23:13 | a | main.rs:16:20:16:23 | ... | provenance | |
| main.rs:27:20:27:23 | ... | main.rs:28:9:32:9 | if cond {...} else {...} | provenance | |
| main.rs:33:13:33:22 | source(...) | main.rs:34:21:34:21 | a | provenance | |
| main.rs:34:13:34:22 | f(...) | main.rs:35:10:35:10 | b | provenance | |
| main.rs:34:21:34:21 | a | main.rs:27:20:27:23 | ... | provenance | |
| main.rs:34:21:34:21 | a | main.rs:34:13:34:22 | f(...) | provenance | |
nodes
| main.rs:11:20:11:52 | if cond {...} else {...} | semmle.label | if cond {...} else {...} |
| main.rs:11:30:11:39 | source(...) | semmle.label | source(...) |
| main.rs:12:10:12:16 | f(...) | semmle.label | f(...) |
| main.rs:16:20:16:23 | ... | semmle.label | ... |
| main.rs:18:18:18:21 | data | semmle.label | data |
| main.rs:22:13:22:22 | source(...) | semmle.label | source(...) |
| main.rs:23:13:23:13 | a | semmle.label | a |
| main.rs:27:20:27:23 | ... | semmle.label | ... |
| main.rs:28:9:32:9 | if cond {...} else {...} | semmle.label | if cond {...} else {...} |
| main.rs:33:13:33:22 | source(...) | semmle.label | source(...) |
| main.rs:34:13:34:22 | f(...) | semmle.label | f(...) |
| main.rs:34:21:34:21 | a | semmle.label | a |
| main.rs:35:10:35:10 | b | semmle.label | b |
subpaths
| main.rs:34:21:34:21 | a | main.rs:27:20:27:23 | ... | main.rs:28:9:32:9 | if cond {...} else {...} | main.rs:34:13:34:22 | f(...) |
testFailures
#select
| main.rs:12:10:12:16 | f(...) | main.rs:11:30:11:39 | source(...) | main.rs:12:10:12:16 | f(...) | $@ | main.rs:11:30:11:39 | source(...) | source(...) |
| main.rs:18:18:18:21 | data | main.rs:22:13:22:22 | source(...) | main.rs:18:18:18:21 | data | $@ | main.rs:22:13:22:22 | source(...) | source(...) |
| main.rs:35:10:35:10 | b | main.rs:33:13:33:22 | source(...) | main.rs:35:10:35:10 | b | $@ | main.rs:33:13:33:22 | source(...) | source(...) |
12 changes: 12 additions & 0 deletions rust/ql/test/library-tests/dataflow/closures/inline-flow.ql
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
/**
* @kind path-problem
*/

import rust
import utils.InlineFlowTest
import DefaultFlowTest
import ValueFlow::PathGraph

from ValueFlow::PathNode source, ValueFlow::PathNode sink
where ValueFlow::flowPath(source, sink)
select sink, source, sink, "$@", source, source.toString()
57 changes: 57 additions & 0 deletions rust/ql/test/library-tests/dataflow/closures/main.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
fn source(i: i64) -> i64 {
1000 + i
}

fn sink(s: i64) {
println!("{}", s);
}


fn closure_flow_out() {
let f = |cond| if cond { source(92) } else { 0 };
sink(f(true)); // $ hasValueFlow=92
}

fn closure_flow_in() {
let f = |cond, data|
if cond {
sink(data); // $ hasValueFlow=87
} else {
sink(0)
};
let a = source(87);
f(true, a);
}

fn closure_flow_through() {
let f = |cond, data|
if cond {
data
} else {
0
};
let a = source(43);
let b = f(true, a);
sink(b); // $ hasValueFlow=43
}

fn closure_captured_variable() {
let mut capt = 1;
sink(capt);
let mut f = || {
capt = source(73);
};
f();
sink(capt); // $ MISSING: hasValueFlow=73
let g = || {
sink(capt); // $ MISSING: hasValueFlow=73
};
g();
}

fn main() {
closure_flow_out();
closure_flow_in();
closure_flow_through();
closure_captured_variable();
}
61 changes: 15 additions & 46 deletions rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected
Original file line number Diff line number Diff line change
Expand Up @@ -427,51 +427,20 @@ localStep
| main.rs:377:13:377:19 | [post] mut_arr | main.rs:379:10:379:16 | mut_arr |
| main.rs:377:13:377:19 | mut_arr | main.rs:379:10:379:16 | mut_arr |
| main.rs:377:13:377:22 | mut_arr[1] | main.rs:377:9:377:9 | d |
| main.rs:383:9:383:9 | [SSA] f | main.rs:384:10:384:10 | f |
| main.rs:383:9:383:9 | f | main.rs:383:9:383:9 | [SSA] f |
| main.rs:383:13:383:52 | \|...\| ... | main.rs:383:9:383:9 | f |
| main.rs:383:14:383:17 | ... | main.rs:383:14:383:17 | cond |
| main.rs:383:14:383:17 | [SSA] cond | main.rs:383:23:383:26 | cond |
| main.rs:383:14:383:17 | cond | main.rs:383:14:383:17 | [SSA] cond |
| main.rs:383:28:383:41 | { ... } | main.rs:383:20:383:52 | if cond {...} else {...} |
| main.rs:383:30:383:39 | source(...) | main.rs:383:28:383:41 | { ... } |
| main.rs:383:48:383:52 | { ... } | main.rs:383:20:383:52 | if cond {...} else {...} |
| main.rs:383:50:383:50 | 0 | main.rs:383:48:383:52 | { ... } |
| main.rs:388:9:388:9 | [SSA] f | main.rs:395:5:395:5 | f |
| main.rs:388:9:388:9 | f | main.rs:388:9:388:9 | [SSA] f |
| main.rs:388:13:393:9 | \|...\| ... | main.rs:388:9:388:9 | f |
| main.rs:388:14:388:17 | ... | main.rs:388:14:388:17 | cond |
| main.rs:388:14:388:17 | [SSA] cond | main.rs:389:12:389:15 | cond |
| main.rs:388:14:388:17 | cond | main.rs:388:14:388:17 | [SSA] cond |
| main.rs:388:20:388:23 | ... | main.rs:388:20:388:23 | data |
| main.rs:388:20:388:23 | [SSA] data | main.rs:390:18:390:21 | data |
| main.rs:388:20:388:23 | data | main.rs:388:20:388:23 | [SSA] data |
| main.rs:389:17:391:9 | { ... } | main.rs:389:9:393:9 | if cond {...} else {...} |
| main.rs:391:16:393:9 | { ... } | main.rs:389:9:393:9 | if cond {...} else {...} |
| main.rs:392:13:392:19 | sink(...) | main.rs:391:16:393:9 | { ... } |
| main.rs:394:9:394:9 | [SSA] a | main.rs:395:13:395:13 | a |
| main.rs:394:9:394:9 | a | main.rs:394:9:394:9 | [SSA] a |
| main.rs:394:13:394:22 | source(...) | main.rs:394:9:394:9 | a |
| main.rs:399:9:399:9 | [SSA] f | main.rs:406:13:406:13 | f |
| main.rs:399:9:399:9 | f | main.rs:399:9:399:9 | [SSA] f |
| main.rs:399:13:404:9 | \|...\| ... | main.rs:399:9:399:9 | f |
| main.rs:399:14:399:17 | ... | main.rs:399:14:399:17 | cond |
| main.rs:399:14:399:17 | [SSA] cond | main.rs:400:12:400:15 | cond |
| main.rs:399:14:399:17 | cond | main.rs:399:14:399:17 | [SSA] cond |
| main.rs:399:20:399:23 | ... | main.rs:399:20:399:23 | data |
| main.rs:399:20:399:23 | [SSA] data | main.rs:401:13:401:16 | data |
| main.rs:399:20:399:23 | data | main.rs:399:20:399:23 | [SSA] data |
| main.rs:400:17:402:9 | { ... } | main.rs:400:9:404:9 | if cond {...} else {...} |
| main.rs:401:13:401:16 | data | main.rs:400:17:402:9 | { ... } |
| main.rs:402:16:404:9 | { ... } | main.rs:400:9:404:9 | if cond {...} else {...} |
| main.rs:403:13:403:13 | 0 | main.rs:402:16:404:9 | { ... } |
| main.rs:405:9:405:9 | [SSA] a | main.rs:406:21:406:21 | a |
| main.rs:405:9:405:9 | a | main.rs:405:9:405:9 | [SSA] a |
| main.rs:405:13:405:22 | source(...) | main.rs:405:9:405:9 | a |
| main.rs:406:9:406:9 | [SSA] b | main.rs:407:10:407:10 | b |
| main.rs:406:9:406:9 | b | main.rs:406:9:406:9 | [SSA] b |
| main.rs:406:13:406:22 | f(...) | main.rs:406:9:406:9 | b |
| main.rs:431:13:431:33 | result_questionmark(...) | main.rs:431:9:431:9 | _ |
| main.rs:386:9:386:9 | a | main.rs:386:9:386:9 | [SSA] a |
| main.rs:386:13:386:22 | source(...) | main.rs:386:9:386:9 | a |
| main.rs:387:9:387:9 | [SSA] b | main.rs:388:14:388:14 | b |
| main.rs:387:9:387:9 | b | main.rs:387:9:387:9 | [SSA] b |
| main.rs:387:13:387:14 | &a | main.rs:387:9:387:9 | b |
| main.rs:388:9:388:9 | [SSA] c | main.rs:389:10:389:10 | c |
| main.rs:388:9:388:9 | c | main.rs:388:9:388:9 | [SSA] c |
| main.rs:388:13:388:14 | * ... | main.rs:388:9:388:9 | c |
| main.rs:393:17:393:17 | 1 | main.rs:393:9:393:13 | a |
| main.rs:395:9:395:9 | [SSA] b | main.rs:396:6:396:6 | b |
| main.rs:395:9:395:9 | b | main.rs:395:9:395:9 | [SSA] b |
| main.rs:395:13:395:18 | &mut a | main.rs:395:9:395:9 | b |
| main.rs:396:10:396:19 | source(...) | main.rs:396:5:396:6 | * ... |
| main.rs:421:13:421:33 | result_questionmark(...) | main.rs:421:9:421:9 | _ |
storeStep
| main.rs:94:14:94:22 | source(...) | tuple.0 | main.rs:94:13:94:26 | TupleExpr |
| main.rs:94:25:94:25 | 2 | tuple.1 | main.rs:94:13:94:26 | TupleExpr |
Expand Down Expand Up @@ -540,7 +509,7 @@ storeStep
| main.rs:373:27:373:27 | 2 | array[] | main.rs:373:23:373:31 | [...] |
| main.rs:373:30:373:30 | 3 | array[] | main.rs:373:23:373:31 | [...] |
| main.rs:376:18:376:27 | source(...) | array[] | main.rs:376:5:376:11 | [post] mut_arr |
| main.rs:414:27:414:27 | 0 | Some | main.rs:414:22:414:28 | Some(...) |
| main.rs:404:27:404:27 | 0 | Some | main.rs:404:22:404:28 | Some(...) |
readStep
| file://:0:0:0:0 | [summary param] self in lang:core::_::<crate::option::Option>::unwrap | Some | file://:0:0:0:0 | [summary] read: Argument[self].Variant[crate::option::Option::Some(0)] in lang:core::_::<crate::option::Option>::unwrap |
| main.rs:33:9:33:15 | Some(...) | Some | main.rs:33:14:33:14 | _ |
Expand Down
27 changes: 0 additions & 27 deletions rust/ql/test/library-tests/dataflow/local/inline-flow.expected
Original file line number Diff line number Diff line change
Expand Up @@ -99,16 +99,6 @@ edges
| main.rs:377:13:377:19 | mut_arr [array[]] | main.rs:377:13:377:22 | mut_arr[1] | provenance | |
| main.rs:377:13:377:22 | mut_arr[1] | main.rs:378:10:378:10 | d | provenance | |
| main.rs:379:10:379:16 | mut_arr [array[]] | main.rs:379:10:379:19 | mut_arr[0] | provenance | |
| main.rs:383:20:383:52 | if cond {...} else {...} | main.rs:384:10:384:16 | f(...) | provenance | |
| main.rs:383:30:383:39 | source(...) | main.rs:383:20:383:52 | if cond {...} else {...} | provenance | |
| main.rs:388:20:388:23 | ... | main.rs:390:18:390:21 | data | provenance | |
| main.rs:394:13:394:22 | source(...) | main.rs:395:13:395:13 | a | provenance | |
| main.rs:395:13:395:13 | a | main.rs:388:20:388:23 | ... | provenance | |
| main.rs:399:20:399:23 | ... | main.rs:400:9:404:9 | if cond {...} else {...} | provenance | |
| main.rs:405:13:405:22 | source(...) | main.rs:406:21:406:21 | a | provenance | |
| main.rs:406:13:406:22 | f(...) | main.rs:407:10:407:10 | b | provenance | |
| main.rs:406:21:406:21 | a | main.rs:399:20:399:23 | ... | provenance | |
| main.rs:406:21:406:21 | a | main.rs:406:13:406:22 | f(...) | provenance | |
nodes
| main.rs:15:10:15:18 | source(...) | semmle.label | source(...) |
| main.rs:19:13:19:21 | source(...) | semmle.label | source(...) |
Expand Down Expand Up @@ -233,21 +223,7 @@ nodes
| main.rs:378:10:378:10 | d | semmle.label | d |
| main.rs:379:10:379:16 | mut_arr [array[]] | semmle.label | mut_arr [array[]] |
| main.rs:379:10:379:19 | mut_arr[0] | semmle.label | mut_arr[0] |
| main.rs:383:20:383:52 | if cond {...} else {...} | semmle.label | if cond {...} else {...} |
| main.rs:383:30:383:39 | source(...) | semmle.label | source(...) |
| main.rs:384:10:384:16 | f(...) | semmle.label | f(...) |
| main.rs:388:20:388:23 | ... | semmle.label | ... |
| main.rs:390:18:390:21 | data | semmle.label | data |
| main.rs:394:13:394:22 | source(...) | semmle.label | source(...) |
| main.rs:395:13:395:13 | a | semmle.label | a |
| main.rs:399:20:399:23 | ... | semmle.label | ... |
| main.rs:400:9:404:9 | if cond {...} else {...} | semmle.label | if cond {...} else {...} |
| main.rs:405:13:405:22 | source(...) | semmle.label | source(...) |
| main.rs:406:13:406:22 | f(...) | semmle.label | f(...) |
| main.rs:406:21:406:21 | a | semmle.label | a |
| main.rs:407:10:407:10 | b | semmle.label | b |
subpaths
| main.rs:406:21:406:21 | a | main.rs:399:20:399:23 | ... | main.rs:400:9:404:9 | if cond {...} else {...} | main.rs:406:13:406:22 | f(...) |
testFailures
#select
| main.rs:15:10:15:18 | source(...) | main.rs:15:10:15:18 | source(...) | main.rs:15:10:15:18 | source(...) | $@ | main.rs:15:10:15:18 | source(...) | source(...) |
Expand Down Expand Up @@ -282,6 +258,3 @@ testFailures
| main.rs:367:18:367:18 | c | main.rs:362:23:362:32 | source(...) | main.rs:367:18:367:18 | c | $@ | main.rs:362:23:362:32 | source(...) | source(...) |
| main.rs:378:10:378:10 | d | main.rs:376:18:376:27 | source(...) | main.rs:378:10:378:10 | d | $@ | main.rs:376:18:376:27 | source(...) | source(...) |
| main.rs:379:10:379:19 | mut_arr[0] | main.rs:376:18:376:27 | source(...) | main.rs:379:10:379:19 | mut_arr[0] | $@ | main.rs:376:18:376:27 | source(...) | source(...) |
| main.rs:384:10:384:16 | f(...) | main.rs:383:30:383:39 | source(...) | main.rs:384:10:384:16 | f(...) | $@ | main.rs:383:30:383:39 | source(...) | source(...) |
| main.rs:390:18:390:21 | data | main.rs:394:13:394:22 | source(...) | main.rs:390:18:390:21 | data | $@ | main.rs:394:13:394:22 | source(...) | source(...) |
| main.rs:407:10:407:10 | b | main.rs:405:13:405:22 | source(...) | main.rs:407:10:407:10 | b | $@ | main.rs:405:13:405:22 | source(...) | source(...) |
41 changes: 15 additions & 26 deletions rust/ql/test/library-tests/dataflow/local/main.rs
Original file line number Diff line number Diff line change
Expand Up @@ -379,32 +379,22 @@ fn array_assignment() {
sink(mut_arr[0]); // $ SPURIOUS: hasValueFlow=55
}

fn closure_flow_out() {
let f = |cond| if cond { source(92) } else { 0 };
sink(f(true)); // $ hasValueFlow=92
}
// -----------------------------------------------------------------------------
// Data flow through mutable borrows

fn closure_flow_in() {
let f = |cond, data|
if cond {
sink(data); // $ hasValueFlow=87
} else {
sink(0)
};
let a = source(87);
f(true, a);
fn read_through_borrow() {
let a = source(21);
let b = &a;
let c = *b;
sink(c); // $ MISSING: hasValueFlow=21
}

fn closure_flow_through() {
let f = |cond, data|
if cond {
data
} else {
0
};
let a = source(43);
let b = f(true, a);
sink(b); // $ hasValueFlow=43
fn write_through_borrow() {
let mut a = 1;
sink(a);
let b = &mut a;
*b = source(39);
sink(a); // $ MISSING: hasValueFlow=39
}

fn main() {
Expand Down Expand Up @@ -440,7 +430,6 @@ fn main() {
array_for_loop();
array_slice_pattern();
array_assignment();
closure_flow_out();
closure_flow_in();
closure_flow_through();
read_through_borrow();
write_through_borrow();
}

0 comments on commit e8357a6

Please sign in to comment.