C++: Add some tests with missing flow through function objects.

MathiasVP · MathiasVP · commit 6736dd4e8f30 · 2025-07-11T09:36:38.000+01:00
diff --git a/cpp/ql/test/library-tests/dataflow/external-models/flow.ext.yml b/cpp/ql/test/library-tests/dataflow/external-models/flow.ext.yml
@@ -16,4 +16,5 @@ extensions:
       - ["", "", False, "ymlStepManual", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["", "", False, "ymlStepGenerated", "", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
       - ["", "", False, "ymlStepManual_with_body", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["", "", False, "ymlStepGenerated_with_body", "", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["", "", False, "ymlStepGenerated_with_body", "", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["", "", False, "callWithArgument", "", "", "Argument[1]", "Argument[0].Parameter[0]", "value", "manual"]
diff --git a/cpp/ql/test/library-tests/dataflow/external-models/sinks.expected b/cpp/ql/test/library-tests/dataflow/external-models/sinks.expected
@@ -9,3 +9,7 @@
 | test.cpp:33:10:33:11 | z2 | test-sink |
 | test.cpp:36:10:36:11 | z3 | test-sink |
 | test.cpp:48:16:48:16 | x | test-sink |
+| test.cpp:69:11:69:11 | y | test-sink |
+| test.cpp:75:11:75:11 | y | test-sink |
+| test.cpp:83:11:83:11 | y | test-sink |
+| test.cpp:89:11:89:11 | y | test-sink |
diff --git a/cpp/ql/test/library-tests/dataflow/external-models/sources.expected b/cpp/ql/test/library-tests/dataflow/external-models/sources.expected
@@ -1,6 +1,7 @@
 | asio_streams.cpp:87:34:87:44 | read_until output argument | remote |
 | test.cpp:10:10:10:18 | call to ymlSource | local |
 | test.cpp:56:8:56:16 | call to ymlSource | local |
+| test.cpp:94:10:94:18 | call to ymlSource | local |
 | windows.cpp:22:15:22:29 | *call to GetCommandLineA | local |
 | windows.cpp:34:17:34:38 | *call to GetEnvironmentStringsA | local |
 | windows.cpp:39:36:39:38 | GetEnvironmentVariableA output argument | local |
diff --git a/cpp/ql/test/library-tests/dataflow/external-models/test.cpp b/cpp/ql/test/library-tests/dataflow/external-models/test.cpp
@@ -58,3 +58,48 @@ int test_pthread_create() {
 	pthread_t threadId;
 	pthread_create(&threadId, nullptr, myThreadFunction, (void *)&s);
 }
+
+template<typename F>
+void callWithArgument(F f, int x);
+
+struct StructWithOperatorCall_has_constructor {
+	StructWithOperatorCall_has_constructor();
+
+	void operator()(int y) {
+		ymlSink(y); // $ MISSING: ir
+	}
+};
+
+struct StructWithOperatorCall_no_constructor {
+	void operator()(int y) {
+		ymlSink(y); // $ MISSING: ir
+	}
+};
+
+struct StructWithOperatorCall_has_constructor_2 {
+	StructWithOperatorCall_has_constructor_2();
+
+	void operator()(int y) {
+		ymlSink(y); // $ MISSING: ir
+	}
+};
+
+struct StructWithOperatorCall_no_constructor_2 {
+	void operator()(int y) {
+		ymlSink(y); // $ MISSING: ir
+	}
+};
+
+void test_callWithArgument() {
+	int x = ymlSource();
+	{
+		StructWithOperatorCall_has_constructor func;
+		callWithArgument(func, x);
+	}
+	{
+		StructWithOperatorCall_no_constructor func;
+		callWithArgument(func, x);
+	}
+	callWithArgument(StructWithOperatorCall_has_constructor_2(), x);
+	callWithArgument(StructWithOperatorCall_no_constructor_2(), x);
+}
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
@@ -7777,17 +7777,24 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future
 | thread.cpp:24:5:24:5 | s | thread.cpp:26:38:26:38 | s |  |
 | thread.cpp:24:5:24:5 | s | thread.cpp:27:37:27:37 | s |  |
 | thread.cpp:24:5:24:5 | s | thread.cpp:28:38:28:38 | s |  |
+| thread.cpp:24:5:24:5 | s | thread.cpp:32:7:32:7 | s |  |
 | thread.cpp:25:3:25:3 | s [post update] | thread.cpp:26:38:26:38 | s |  |
 | thread.cpp:25:3:25:3 | s [post update] | thread.cpp:27:37:27:37 | s |  |
 | thread.cpp:25:3:25:3 | s [post update] | thread.cpp:28:38:28:38 | s |  |
+| thread.cpp:25:3:25:3 | s [post update] | thread.cpp:32:7:32:7 | s |  |
 | thread.cpp:25:3:25:16 | ... = ... | thread.cpp:25:5:25:5 | x [post update] |  |
 | thread.cpp:25:9:25:14 | call to source | thread.cpp:25:3:25:16 | ... = ... |  |
-| thread.cpp:26:18:26:39 | call to thread | thread.cpp:29:1:29:1 | t1 |  |
+| thread.cpp:26:18:26:39 | call to thread | thread.cpp:33:1:33:1 | t1 |  |
 | thread.cpp:26:38:26:38 | s | thread.cpp:26:37:26:38 | & ... |  |
-| thread.cpp:27:18:27:38 | call to thread | thread.cpp:29:1:29:1 | t2 |  |
+| thread.cpp:27:18:27:38 | call to thread | thread.cpp:33:1:33:1 | t2 |  |
 | thread.cpp:27:37:27:37 | ref arg s | thread.cpp:28:38:28:38 | s |  |
-| thread.cpp:28:18:28:43 | call to thread | thread.cpp:29:1:29:1 | t3 |  |
+| thread.cpp:27:37:27:37 | ref arg s | thread.cpp:32:7:32:7 | s |  |
+| thread.cpp:28:18:28:43 | call to thread | thread.cpp:33:1:33:1 | t3 |  |
 | thread.cpp:28:38:28:38 | s | thread.cpp:28:37:28:38 | & ... |  |
+| thread.cpp:30:18:32:8 | call to thread | thread.cpp:33:1:33:1 | t4 |  |
+| thread.cpp:30:24:30:24 | p | thread.cpp:30:24:30:24 | p |  |
+| thread.cpp:30:24:30:24 | p | thread.cpp:31:10:31:10 | p |  |
+| thread.cpp:32:7:32:7 | s | thread.cpp:32:6:32:7 | & ... |  |
 | vector.cpp:16:43:16:49 | source1 | vector.cpp:17:26:17:32 | source1 |  |
 | vector.cpp:16:43:16:49 | source1 | vector.cpp:31:38:31:44 | source1 |  |
 | vector.cpp:17:21:17:33 | call to vector | vector.cpp:19:14:19:14 | v |  |
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected
@@ -46936,6 +46936,8 @@ getParameterTypeName
 | stl.h:690:12:690:17 | thread | 0 | func:0 && |
 | stl.h:690:12:690:17 | thread | 0 | func:0 && |
 | stl.h:690:12:690:17 | thread | 0 | func:0 && |
+| stl.h:690:12:690:17 | thread | 0 | func:0 && |
+| stl.h:690:12:690:17 | thread | 1 | func:1 && |
 | stl.h:690:12:690:17 | thread | 1 | func:1 && |
 | stl.h:690:12:690:17 | thread | 1 | func:1 && |
 | stl.h:690:12:690:17 | thread | 1 | func:1 && |
@@ -47196,6 +47198,11 @@ getParameterTypeName
 | thread.cpp:14:6:14:22 | thread_function_2 | 0 | S |
 | thread.cpp:18:6:18:22 | thread_function_3 | 0 | S * |
 | thread.cpp:18:6:18:22 | thread_function_3 | 1 | int |
+| thread.cpp:30:18:30:18 | (unnamed constructor) | 0 | const lambda [] type at line 762, col. 18 & |
+| thread.cpp:30:18:30:18 | (unnamed constructor) | 0 | lambda [] type at line 762, col. 18 && |
+| thread.cpp:30:18:30:18 | operator= | 0 | const lambda [] type at line 762, col. 18 & |
+| thread.cpp:30:20:30:20 | _FUN | 0 | S * |
+| thread.cpp:30:20:30:20 | operator() | 0 | S * |
 | vector.cpp:13:6:13:9 | sink | 0 | int |
 | vector.cpp:14:27:14:30 | sink | 0 | vector> & |
 | vector.cpp:14:27:14:30 | sink | 0 | vector> & |
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/thread.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/thread.cpp
@@ -26,4 +26,8 @@ void test_thread() {
   std::thread t1(thread_function_1, &s);
   std::thread t2(thread_function_2, s);
   std::thread t3(thread_function_3, &s, 42);
+
+  std::thread t4([](S* p) {
+    sink(p->x); // $ MISSING: ir
+  }, &s);
 }

Original file line number	Diff line number	Diff line change
`@@ -26,4 +26,8 @@ void test_thread() {`
`26`	`26`	`std::thread t1(thread_function_1, &s);`
`27`	`27`	`std::thread t2(thread_function_2, s);`
`28`	`28`	`std::thread t3(thread_function_3, &s, 42);`
	`29`	`+`
	`30`	`+ std::thread t4([](S* p) {`
	`31`	`+ sink(p->x); // $ MISSING: ir`
	`32`	`+ }, &s);`
`29`	`33`	`}`