Skip to content

Commit c8f9401

Browse files
MathiasVPMathiasVP
committed
C++: Respond to review comments.
1 parent 8b72146 commit c8f9401

File tree

1 file changed

+14
-13
lines changed

1 file changed

+14
-13
lines changed

cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql

Lines changed: 14 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -16,20 +16,22 @@ import cpp
1616
import semmle.code.cpp.ir.ValueNumbering
1717
import semmle.code.cpp.ir.IR
1818

19+
predicate instructionHasVariable(VariableAddressInstruction vai, StackVariable var, Function f) {
20+
var = vai.getASTVariable() and
21+
f = vai.getEnclosingFunction() and
22+
// Pointer-to-member types aren't properly handled in the dbscheme.
23+
not vai.getResultType() instanceof PointerToMemberType and
24+
// Rule out FPs caused by extraction errors.
25+
not any(ErrorExpr e).getEnclosingFunction() = f
26+
}
27+
1928
/**
2029
* Holds if `source` is the base address of an address computation whose
2130
* result is stored in `address`.
2231
*/
2332
predicate stackPointerFlowsToUse(Instruction address, VariableAddressInstruction source) {
24-
exists(VariableAddressInstruction var |
25-
var = address and
26-
var = source and
27-
var.getASTVariable() instanceof StackVariable and
28-
// Pointer-to-member types aren't properly handled in the dbscheme.
29-
not var.getResultType() instanceof PointerToMemberType and
30-
// Rule out FPs caused by extraction errors.
31-
not any(ErrorExpr e).getEnclosingFunction() = var.getEnclosingFunction()
32-
)
33+
address = source and
34+
instructionHasVariable(source, _, _)
3335
or
3436
stackPointerFlowsToUse(address.(CopyInstruction).getSourceValue(), source)
3537
or
@@ -158,11 +160,10 @@ StoreInstruction getAStoreStrictlyAfter(StoreInstruction store) {
158160
predicate stackAddressEscapes(
159161
StoreInstruction store, StackVariable var, TGlobalAddress globalAddress, Function f
160162
) {
163+
globalAddress = globalValueNumber(store.getDestinationAddress()) and
161164
exists(VariableAddressInstruction vai |
162-
stackPointerFlowsToUse(store.getSourceValue(), vai) and
163-
globalAddress = globalValueNumber(store.getDestinationAddress()) and
164-
f = vai.getEnclosingFunction() and
165-
var = vai.getASTVariable()
165+
instructionHasVariable(pragma[only_bind_into](vai), var, f) and
166+
stackPointerFlowsToUse(store.getSourceValue(), vai)
166167
) and
167168
// Ensure there's no subsequent store that overrides the global address.
168169
not globalAddress = globalValueNumber(getAStoreStrictlyAfter(store).getDestinationAddress())

0 commit comments

Comments
 (0)