C++: Include copy of IntWrapper class with two data members

Author: MathiasVP

cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected

@@ -0,0 +1,5 @@
+namespace std
+{
+    template <class T>
+    constexpr void swap(T &a, T &b);
+}

cpp/ql/test/library-tests/dataflow/taint-tests/swap.h

@@ -0,0 +1,103 @@
+#include "swap.h"
+/*
+ * Note: This file exists in two versions (swap1.cpp and swap2.cpp).
+ * The only difference is that `IntWrapper` in swap1.cpp contains a single data member, and swap2.cpp
+ * contains two data members.
+ */
+
+int source();
+void sink(...);
+
+namespace std
+{
+    template <class T>
+    T &&move(T &t) noexcept { return static_cast<T &&>(t); } // simplified signature (and implementation)
+} // namespace std
+
+namespace IntWrapper
+{
+    struct Class
+    {
+        int data1;
+
+        Class() = default;
+        Class(Class &&that) { swap(that); }
+        Class(const Class &that) : data1(that.data1) {}
+
+        Class &operator=(const Class &that)
+        {
+            auto tmp = that;
+            swap(tmp);
+            return *this;
+        }
+
+        Class &operator=(Class &&that)
+        {
+            swap(that);
+            return *this;
+        }
+
+        void swap(Class &that) noexcept
+        {
+            using std::swap;
+            swap(data1, that.data1);
+        }
+    };
+
+    // For ADL
+    void swap(Class &x, Class &y)
+    {
+        x.swap(y);
+    }
+} // namespace IntWrapper
+
+void test_copy_assignment_operator()
+{
+    IntWrapper::Class x;
+    IntWrapper::Class y;
+    x.data1 = source();
+
+    sink(x.data1); // tainted
+    sink(y.data1); // clean
+
+    y = x;
+
+    sink(y.data1); // tainted [FALSE NEGATIVE in IR]
+    sink(x.data1); // tainted
+
+    IntWrapper::Class z1, z2;
+    z1.data1 = source();
+    sink(z1.data1); // tainted
+
+    swap(z1, z2);
+
+    sink(z2.data1); // tainted
+    sink(z1.data1); // clean [FALSE POSITIVE]
+}
+
+void test_move_assignment_operator()
+{
+    IntWrapper::Class x;
+    IntWrapper::Class y;
+    x.data1 = source();
+
+    sink(x.data1); // tainted
+    sink(y.data1); // clean
+
+    y = std::move(x);
+
+    sink(y.data1); // tainted [FALSE NEGATIVE in IR]
+    sink(x.data1); // tainted
+}
+
+void test_move_constructor()
+{
+    IntWrapper::Class move_from;
+    move_from.data1 = source();
+
+    sink(move_from.data1); // tainted
+
+    IntWrapper::Class move_to(std::move(move_from));
+
+    sink(move_to.data1); // tainted [FALSE NEGATIVE in IR]
+}

cpp/ql/test/library-tests/dataflow/taint-tests/swap1.cpp

@@ -0,0 +1,103 @@
+#include "swap.h"
+/*
+ * Note: This file exists in two versions (swap1.cpp and swap2.cpp).
+ * The only difference is that `IntWrapper` in swap1.cpp contains a single data member, and swap2.cpp
+ * contains two data members.
+ */
+
+int source();
+void sink(...);
+
+namespace std
+{
+    template <class T>
+    T &&move(T &t) noexcept { return static_cast<T &&>(t); } // simplified signature (and implementation)
+} // namespace std
+
+namespace IntWrapper
+{
+    struct Class
+    {
+        int data1; int data2;
+
+        Class() = default;
+        Class(Class &&that) { swap(that); }
+        Class(const Class &that) : data1(that.data1), data2(that.data2) {}
+
+        Class &operator=(const Class &that)
+        {
+            auto tmp = that;
+            swap(tmp);
+            return *this;
+        }
+
+        Class &operator=(Class &&that)
+        {
+            swap(that);
+            return *this;
+        }
+
+        void swap(Class &that) noexcept
+        {
+            using std::swap;
+            swap(data1, that.data1); swap(data2, that.data2);
+        }
+    };
+
+    // For ADL
+    void swap(Class &x, Class &y)
+    {
+        x.swap(y);
+    }
+} // namespace IntWrapper
+
+void test_copy_assignment_operator()
+{
+    IntWrapper::Class x;
+    IntWrapper::Class y;
+    x.data1 = source();
+
+    sink(x.data1); // tainted
+    sink(y.data1); // clean
+
+    y = x;
+
+    sink(y.data1); // tainted [FALSE NEGATIVE in IR]
+    sink(x.data1); // tainted
+
+    IntWrapper::Class z1, z2;
+    z1.data1 = source();
+    sink(z1.data1); // tainted
+
+    swap(z1, z2);
+
+    sink(z2.data1); // tainted
+    sink(z1.data1); // clean [FALSE POSITIVE]
+}
+
+void test_move_assignment_operator()
+{
+    IntWrapper::Class x;
+    IntWrapper::Class y;
+    x.data1 = source();
+
+    sink(x.data1); // tainted
+    sink(y.data1); // clean
+
+    y = std::move(x);
+
+    sink(y.data1); // tainted [FALSE NEGATIVE in IR]
+    sink(x.data1); // tainted
+}
+
+void test_move_constructor()
+{
+    IntWrapper::Class move_from;
+    move_from.data1 = source();
+
+    sink(move_from.data1); // tainted
+
+    IntWrapper::Class move_to(std::move(move_from));
+
+    sink(move_to.data1); // tainted [FALSE NEGATIVE in IR]
+}

cpp/ql/test/library-tests/dataflow/taint-tests/swap2.cpp

@@ -197,9 +197,9 @@ void test_memcpy(int *source) {
 
 // --- std::swap ---
 
-namespace std {
-	template<class T> constexpr void swap(T& a, T& b);
-}
+#include "swap.h"
+
+
 
 void test_swap() {
 	int x, y;
@@ -484,96 +484,3 @@ void test_getdelim(FILE* source1) {
 
 	sink(line);
 }
-
-namespace std
-{
-	template <class T>
-	T &&move(T &t) noexcept { return static_cast<T&&>(t); } // simplified signature (and implementation)
-}
-
-namespace IntWrapper
-{
-	struct Class
-	{
-		int data;
-
-		Class() = default;
-		Class(Class&& that) { swap(that); }
-		Class(const Class &that) : data(that.data) {}
-
-		Class &operator=(const Class &that)
-		{
-			auto tmp = that;
-			swap(tmp);
-			return *this;
-		}
-
-		Class& operator=(Class&& that) {
-			swap(that);
-			return *this;
-		}
-
-		void swap(Class &that) noexcept
-		{
-			using std::swap;
-			swap(data, that.data);
-		}
-	};
-
-	// For ADL
-	void swap(Class &x, Class &y) {
-		x.swap(y);
-	}
-} // namespace IntWrapper
-
-
-
-void test_copy_assignment_operator() {
-	IntWrapper::Class x;
-	IntWrapper::Class y;
-	x.data = source();
-	
-	sink(x.data); // tainted
-	sink(y.data); // clean
-
-	y = x;
-	
-	sink(y.data); // tainted [FALSE NEGATIVE in IR]
-	sink(x.data); // tainted
-
-	IntWrapper::Class z1, z2;
-	z1.data = source();
-	sink(z1.data); // tainted
-	
-	swap(z1, z2);
-
-	sink(z2.data); // tainted
-	sink(z1.data); // clean [FALSE POSITIVE]
-}
-
-void test_move_assignment_operator()
-{
-	IntWrapper::Class x;
-	IntWrapper::Class y;
-	x.data = source();
-
-	sink(x.data); // tainted
-	sink(y.data); // clean
-
-	y = std::move(x);
-
-	sink(y.data); // tainted [FALSE NEGATIVE in IR]
-	sink(x.data); // tainted
-}
-
-void test_move_constructor()
-{
-	IntWrapper::Class move_from;
-	move_from.data = source();
-
-	sink(move_from.data); // tainted
-
-	IntWrapper::Class move_to(std::move(move_from));
-
-	sink(move_to.data); // tainted [FALSE NEGATIVE in IR]
-}

cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp

@@ -16,6 +16,34 @@
 | stl.cpp:125:13:125:17 | call to c_str | stl.cpp:117:10:117:15 | call to source |
 | stl.cpp:129:13:129:17 | call to c_str | stl.cpp:117:10:117:15 | call to source |
 | stl.cpp:132:13:132:17 | call to c_str | stl.cpp:117:10:117:15 | call to source |
+| swap1.cpp:60:12:60:16 | data1 | swap1.cpp:58:15:58:20 | call to source |
+| swap1.cpp:65:12:65:16 | data1 | swap1.cpp:58:15:58:20 | call to source |
+| swap1.cpp:66:12:66:16 | data1 | swap1.cpp:58:15:58:20 | call to source |
+| swap1.cpp:70:13:70:17 | data1 | swap1.cpp:69:16:69:21 | call to source |
+| swap1.cpp:74:13:74:17 | data1 | swap1.cpp:69:16:69:21 | call to source |
+| swap1.cpp:75:13:75:17 | data1 | swap1.cpp:68:27:68:28 | z2 |
+| swap1.cpp:75:13:75:17 | data1 | swap1.cpp:69:16:69:21 | call to source |
+| swap1.cpp:84:12:84:16 | data1 | swap1.cpp:82:15:82:20 | call to source |
+| swap1.cpp:89:12:89:16 | data1 | swap1.cpp:80:23:80:23 | x |
+| swap1.cpp:89:12:89:16 | data1 | swap1.cpp:82:15:82:20 | call to source |
+| swap1.cpp:90:12:90:16 | data1 | swap1.cpp:82:15:82:20 | call to source |
+| swap1.cpp:98:20:98:24 | data1 | swap1.cpp:96:23:96:28 | call to source |
+| swap1.cpp:102:18:102:22 | data1 | swap1.cpp:95:23:95:31 | move_from |
+| swap1.cpp:102:18:102:22 | data1 | swap1.cpp:96:23:96:28 | call to source |
+| swap2.cpp:60:12:60:16 | data1 | swap2.cpp:58:15:58:20 | call to source |
+| swap2.cpp:65:12:65:16 | data1 | swap2.cpp:58:15:58:20 | call to source |
+| swap2.cpp:66:12:66:16 | data1 | swap2.cpp:58:15:58:20 | call to source |
+| swap2.cpp:70:13:70:17 | data1 | swap2.cpp:69:16:69:21 | call to source |
+| swap2.cpp:74:13:74:17 | data1 | swap2.cpp:69:16:69:21 | call to source |
+| swap2.cpp:75:13:75:17 | data1 | swap2.cpp:68:27:68:28 | z2 |
+| swap2.cpp:75:13:75:17 | data1 | swap2.cpp:69:16:69:21 | call to source |
+| swap2.cpp:84:12:84:16 | data1 | swap2.cpp:82:15:82:20 | call to source |
+| swap2.cpp:89:12:89:16 | data1 | swap2.cpp:80:23:80:23 | x |
+| swap2.cpp:89:12:89:16 | data1 | swap2.cpp:82:15:82:20 | call to source |
+| swap2.cpp:90:12:90:16 | data1 | swap2.cpp:82:15:82:20 | call to source |
+| swap2.cpp:98:20:98:24 | data1 | swap2.cpp:96:23:96:28 | call to source |
+| swap2.cpp:102:18:102:22 | data1 | swap2.cpp:95:23:95:31 | move_from |
+| swap2.cpp:102:18:102:22 | data1 | swap2.cpp:96:23:96:28 | call to source |
 | taint.cpp:8:8:8:13 | clean1 | taint.cpp:4:27:4:33 | source1 |
 | taint.cpp:16:8:16:14 | source1 | taint.cpp:12:22:12:27 | call to source |
 | taint.cpp:17:8:17:16 | ++ ... | taint.cpp:12:22:12:27 | call to source |
@@ -70,17 +98,3 @@
 | taint.cpp:470:7:470:7 | x | taint.cpp:462:6:462:11 | call to source |
 | taint.cpp:471:7:471:7 | y | taint.cpp:462:6:462:11 | call to source |
 | taint.cpp:485:7:485:10 | line | taint.cpp:480:26:480:32 | source1 |
-| taint.cpp:536:9:536:12 | data | taint.cpp:534:11:534:16 | call to source |
-| taint.cpp:541:9:541:12 | data | taint.cpp:534:11:534:16 | call to source |
-| taint.cpp:542:9:542:12 | data | taint.cpp:534:11:534:16 | call to source |
-| taint.cpp:546:10:546:13 | data | taint.cpp:545:12:545:17 | call to source |
-| taint.cpp:550:10:550:13 | data | taint.cpp:545:12:545:17 | call to source |
-| taint.cpp:551:10:551:13 | data | taint.cpp:544:24:544:25 | z2 |
-| taint.cpp:551:10:551:13 | data | taint.cpp:545:12:545:17 | call to source |
-| taint.cpp:560:9:560:12 | data | taint.cpp:558:11:558:16 | call to source |
-| taint.cpp:565:9:565:12 | data | taint.cpp:556:20:556:20 | x |
-| taint.cpp:565:9:565:12 | data | taint.cpp:558:11:558:16 | call to source |
-| taint.cpp:566:9:566:12 | data | taint.cpp:558:11:558:16 | call to source |
-| taint.cpp:574:17:574:20 | data | taint.cpp:572:19:572:24 | call to source |
-| taint.cpp:578:15:578:18 | data | taint.cpp:571:20:571:28 | move_from |
-| taint.cpp:578:15:578:18 | data | taint.cpp:572:19:572:24 | call to source |