Skip to content

Commit e5e373c

Browse files
jbjjbj
authored
Merge pull request github#3673 from MathiasVP/assign-op-using-swap
C++: Add tests for taint through swap
2 parents 07bff64 + a38839b commit e5e373c

File tree

8 files changed

+482
-4
lines changed

8 files changed

+482
-4
lines changed

cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected

Lines changed: 211 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -188,6 +188,217 @@
188188
| stl.cpp:131:15:131:24 | call to user_input | stl.cpp:131:15:131:27 | call to basic_string | TAINT |
189189
| stl.cpp:131:15:131:27 | call to basic_string | stl.cpp:132:7:132:11 | path3 | |
190190
| stl.cpp:132:7:132:11 | path3 | stl.cpp:132:13:132:17 | call to c_str | TAINT |
191+
| swap1.cpp:14:17:14:17 | t | swap1.cpp:14:17:14:17 | t | |
192+
| swap1.cpp:14:17:14:17 | t | swap1.cpp:14:17:14:17 | t | |
193+
| swap1.cpp:14:17:14:17 | t | swap1.cpp:14:56:14:56 | t | |
194+
| swap1.cpp:14:17:14:17 | t | swap1.cpp:14:56:14:56 | t | |
195+
| swap1.cpp:24:9:24:13 | this | swap1.cpp:24:31:24:34 | this | |
196+
| swap1.cpp:24:23:24:26 | that | swap1.cpp:24:23:24:26 | that | |
197+
| swap1.cpp:24:23:24:26 | that | swap1.cpp:24:36:24:39 | that | |
198+
| swap1.cpp:24:36:24:39 | ref arg that | swap1.cpp:24:23:24:26 | that | |
199+
| swap1.cpp:25:9:25:13 | this | swap1.cpp:25:36:25:52 | constructor init of field data1 [pre-this] | |
200+
| swap1.cpp:25:28:25:31 | that | swap1.cpp:25:42:25:45 | that | |
201+
| swap1.cpp:25:47:25:51 | data1 | swap1.cpp:25:36:25:52 | constructor init of field data1 | TAINT |
202+
| swap1.cpp:25:47:25:51 | data1 | swap1.cpp:25:47:25:51 | data1 | |
203+
| swap1.cpp:27:16:27:24 | this | swap1.cpp:30:13:30:16 | this | |
204+
| swap1.cpp:27:39:27:42 | that | swap1.cpp:29:24:29:27 | that | |
205+
| swap1.cpp:29:23:29:27 | call to Class | swap1.cpp:30:18:30:20 | tmp | |
206+
| swap1.cpp:30:13:30:16 | ref arg this | swap1.cpp:31:21:31:24 | this | |
207+
| swap1.cpp:30:13:30:16 | this | swap1.cpp:31:21:31:24 | this | |
208+
| swap1.cpp:31:21:31:24 | this | swap1.cpp:31:20:31:24 | * ... | TAINT |
209+
| swap1.cpp:34:16:34:24 | this | swap1.cpp:36:13:36:16 | this | |
210+
| swap1.cpp:34:34:34:37 | that | swap1.cpp:34:34:34:37 | that | |
211+
| swap1.cpp:34:34:34:37 | that | swap1.cpp:36:18:36:21 | that | |
212+
| swap1.cpp:36:13:36:16 | ref arg this | swap1.cpp:37:21:37:24 | this | |
213+
| swap1.cpp:36:13:36:16 | this | swap1.cpp:37:21:37:24 | this | |
214+
| swap1.cpp:36:18:36:21 | ref arg that | swap1.cpp:34:34:34:37 | that | |
215+
| swap1.cpp:37:21:37:24 | this | swap1.cpp:37:20:37:24 | * ... | TAINT |
216+
| swap1.cpp:40:14:40:17 | this | swap1.cpp:43:18:43:22 | this | |
217+
| swap1.cpp:40:26:40:29 | that | swap1.cpp:40:26:40:29 | that | |
218+
| swap1.cpp:40:26:40:29 | that | swap1.cpp:43:25:43:28 | that | |
219+
| swap1.cpp:43:18:43:22 | data1 | swap1.cpp:43:30:43:34 | ref arg data1 | |
220+
| swap1.cpp:43:25:43:28 | that | swap1.cpp:43:18:43:22 | ref arg data1 | |
221+
| swap1.cpp:43:25:43:28 | that [post update] | swap1.cpp:40:26:40:29 | that | |
222+
| swap1.cpp:43:30:43:34 | data1 | swap1.cpp:43:18:43:22 | ref arg data1 | |
223+
| swap1.cpp:48:22:48:22 | x | swap1.cpp:48:22:48:22 | x | |
224+
| swap1.cpp:48:22:48:22 | x | swap1.cpp:50:9:50:9 | x | |
225+
| swap1.cpp:48:22:48:22 | x | swap2.cpp:48:22:48:22 | x | |
226+
| swap1.cpp:48:22:48:22 | x | swap2.cpp:50:9:50:9 | x | |
227+
| swap1.cpp:48:32:48:32 | y | swap1.cpp:48:32:48:32 | y | |
228+
| swap1.cpp:48:32:48:32 | y | swap1.cpp:50:16:50:16 | y | |
229+
| swap1.cpp:48:32:48:32 | y | swap2.cpp:48:32:48:32 | y | |
230+
| swap1.cpp:48:32:48:32 | y | swap2.cpp:50:16:50:16 | y | |
231+
| swap1.cpp:50:9:50:9 | ref arg x | swap1.cpp:48:22:48:22 | x | |
232+
| swap1.cpp:50:9:50:9 | ref arg x | swap2.cpp:48:22:48:22 | x | |
233+
| swap1.cpp:50:16:50:16 | ref arg y | swap1.cpp:48:32:48:32 | y | |
234+
| swap1.cpp:50:16:50:16 | ref arg y | swap2.cpp:48:32:48:32 | y | |
235+
| swap1.cpp:56:23:56:23 | x | swap1.cpp:58:5:58:5 | x | |
236+
| swap1.cpp:56:23:56:23 | x | swap1.cpp:60:10:60:10 | x | |
237+
| swap1.cpp:56:23:56:23 | x | swap1.cpp:63:9:63:9 | x | |
238+
| swap1.cpp:56:23:56:23 | x | swap1.cpp:66:10:66:10 | x | |
239+
| swap1.cpp:57:23:57:23 | y | swap1.cpp:61:10:61:10 | y | |
240+
| swap1.cpp:57:23:57:23 | y | swap1.cpp:63:5:63:5 | y | |
241+
| swap1.cpp:57:23:57:23 | y | swap1.cpp:65:10:65:10 | y | |
242+
| swap1.cpp:58:5:58:5 | x [post update] | swap1.cpp:60:10:60:10 | x | |
243+
| swap1.cpp:58:5:58:5 | x [post update] | swap1.cpp:63:9:63:9 | x | |
244+
| swap1.cpp:58:5:58:5 | x [post update] | swap1.cpp:66:10:66:10 | x | |
245+
| swap1.cpp:58:5:58:22 | ... = ... | swap1.cpp:60:12:60:16 | data1 | |
246+
| swap1.cpp:58:5:58:22 | ... = ... | swap1.cpp:66:12:66:16 | data1 | |
247+
| swap1.cpp:58:15:58:20 | call to source | swap1.cpp:58:5:58:22 | ... = ... | |
248+
| swap1.cpp:63:5:63:5 | ref arg y | swap1.cpp:65:10:65:10 | y | |
249+
| swap1.cpp:68:23:68:24 | z1 | swap1.cpp:69:5:69:6 | z1 | |
250+
| swap1.cpp:68:23:68:24 | z1 | swap1.cpp:70:10:70:11 | z1 | |
251+
| swap1.cpp:68:23:68:24 | z1 | swap1.cpp:72:10:72:11 | z1 | |
252+
| swap1.cpp:68:23:68:24 | z1 | swap1.cpp:75:10:75:11 | z1 | |
253+
| swap1.cpp:68:27:68:28 | z2 | swap1.cpp:72:14:72:15 | z2 | |
254+
| swap1.cpp:68:27:68:28 | z2 | swap1.cpp:74:10:74:11 | z2 | |
255+
| swap1.cpp:69:5:69:6 | z1 [post update] | swap1.cpp:70:10:70:11 | z1 | |
256+
| swap1.cpp:69:5:69:6 | z1 [post update] | swap1.cpp:72:10:72:11 | z1 | |
257+
| swap1.cpp:69:5:69:6 | z1 [post update] | swap1.cpp:75:10:75:11 | z1 | |
258+
| swap1.cpp:69:5:69:23 | ... = ... | swap1.cpp:70:13:70:17 | data1 | |
259+
| swap1.cpp:69:5:69:23 | ... = ... | swap1.cpp:75:13:75:17 | data1 | |
260+
| swap1.cpp:69:16:69:21 | call to source | swap1.cpp:69:5:69:23 | ... = ... | |
261+
| swap1.cpp:72:10:72:11 | ref arg z1 | swap1.cpp:75:10:75:11 | z1 | |
262+
| swap1.cpp:72:14:72:15 | ref arg z2 | swap1.cpp:74:10:74:11 | z2 | |
263+
| swap1.cpp:80:23:80:23 | x | swap1.cpp:82:5:82:5 | x | |
264+
| swap1.cpp:80:23:80:23 | x | swap1.cpp:84:10:84:10 | x | |
265+
| swap1.cpp:80:23:80:23 | x | swap1.cpp:87:19:87:19 | x | |
266+
| swap1.cpp:80:23:80:23 | x | swap1.cpp:90:10:90:10 | x | |
267+
| swap1.cpp:81:23:81:23 | y | swap1.cpp:85:10:85:10 | y | |
268+
| swap1.cpp:81:23:81:23 | y | swap1.cpp:87:5:87:5 | y | |
269+
| swap1.cpp:81:23:81:23 | y | swap1.cpp:89:10:89:10 | y | |
270+
| swap1.cpp:82:5:82:5 | x [post update] | swap1.cpp:84:10:84:10 | x | |
271+
| swap1.cpp:82:5:82:5 | x [post update] | swap1.cpp:87:19:87:19 | x | |
272+
| swap1.cpp:82:5:82:5 | x [post update] | swap1.cpp:90:10:90:10 | x | |
273+
| swap1.cpp:82:5:82:22 | ... = ... | swap1.cpp:84:12:84:16 | data1 | |
274+
| swap1.cpp:82:5:82:22 | ... = ... | swap1.cpp:90:12:90:16 | data1 | |
275+
| swap1.cpp:82:15:82:20 | call to source | swap1.cpp:82:5:82:22 | ... = ... | |
276+
| swap1.cpp:87:5:87:5 | ref arg y | swap1.cpp:89:10:89:10 | y | |
277+
| swap1.cpp:87:9:87:17 | ref arg call to move | swap1.cpp:87:19:87:19 | x [inner post update] | |
278+
| swap1.cpp:87:9:87:17 | ref arg call to move | swap1.cpp:90:10:90:10 | x | |
279+
| swap1.cpp:87:19:87:19 | x | swap1.cpp:87:9:87:17 | call to move | |
280+
| swap1.cpp:95:23:95:31 | move_from | swap1.cpp:96:5:96:13 | move_from | |
281+
| swap1.cpp:95:23:95:31 | move_from | swap1.cpp:98:10:98:18 | move_from | |
282+
| swap1.cpp:95:23:95:31 | move_from | swap1.cpp:100:41:100:49 | move_from | |
283+
| swap1.cpp:96:5:96:13 | move_from [post update] | swap1.cpp:98:10:98:18 | move_from | |
284+
| swap1.cpp:96:5:96:13 | move_from [post update] | swap1.cpp:100:41:100:49 | move_from | |
285+
| swap1.cpp:96:5:96:30 | ... = ... | swap1.cpp:98:20:98:24 | data1 | |
286+
| swap1.cpp:96:23:96:28 | call to source | swap1.cpp:96:5:96:30 | ... = ... | |
287+
| swap1.cpp:100:31:100:39 | ref arg call to move | swap1.cpp:100:41:100:49 | move_from [inner post update] | |
288+
| swap1.cpp:100:31:100:51 | call to Class | swap1.cpp:102:10:102:16 | move_to | |
289+
| swap1.cpp:100:41:100:49 | move_from | swap1.cpp:100:31:100:39 | call to move | |
290+
| swap2.cpp:14:17:14:17 | t | swap2.cpp:14:17:14:17 | t | |
291+
| swap2.cpp:14:17:14:17 | t | swap2.cpp:14:17:14:17 | t | |
292+
| swap2.cpp:14:17:14:17 | t | swap2.cpp:14:56:14:56 | t | |
293+
| swap2.cpp:14:17:14:17 | t | swap2.cpp:14:56:14:56 | t | |
294+
| swap2.cpp:24:9:24:13 | this | swap2.cpp:24:31:24:34 | this | |
295+
| swap2.cpp:24:23:24:26 | that | swap2.cpp:24:23:24:26 | that | |
296+
| swap2.cpp:24:23:24:26 | that | swap2.cpp:24:36:24:39 | that | |
297+
| swap2.cpp:24:36:24:39 | ref arg that | swap2.cpp:24:23:24:26 | that | |
298+
| swap2.cpp:25:9:25:13 | this | swap2.cpp:25:36:25:52 | constructor init of field data1 [pre-this] | |
299+
| swap2.cpp:25:28:25:31 | that | swap2.cpp:25:42:25:45 | that | |
300+
| swap2.cpp:25:28:25:31 | that | swap2.cpp:25:61:25:64 | that | |
301+
| swap2.cpp:25:36:25:52 | constructor init of field data1 [post-this] | swap2.cpp:25:55:25:71 | constructor init of field data2 [pre-this] | |
302+
| swap2.cpp:25:36:25:52 | constructor init of field data1 [pre-this] | swap2.cpp:25:55:25:71 | constructor init of field data2 [pre-this] | |
303+
| swap2.cpp:25:47:25:51 | data1 | swap2.cpp:25:36:25:52 | constructor init of field data1 | TAINT |
304+
| swap2.cpp:25:47:25:51 | data1 | swap2.cpp:25:47:25:51 | data1 | |
305+
| swap2.cpp:25:66:25:70 | data2 | swap2.cpp:25:55:25:71 | constructor init of field data2 | TAINT |
306+
| swap2.cpp:25:66:25:70 | data2 | swap2.cpp:25:66:25:70 | data2 | |
307+
| swap2.cpp:27:16:27:24 | this | swap2.cpp:30:13:30:16 | this | |
308+
| swap2.cpp:27:39:27:42 | that | swap2.cpp:29:24:29:27 | that | |
309+
| swap2.cpp:29:23:29:27 | call to Class | swap2.cpp:30:18:30:20 | tmp | |
310+
| swap2.cpp:30:13:30:16 | ref arg this | swap2.cpp:31:21:31:24 | this | |
311+
| swap2.cpp:30:13:30:16 | this | swap2.cpp:31:21:31:24 | this | |
312+
| swap2.cpp:31:21:31:24 | this | swap2.cpp:31:20:31:24 | * ... | TAINT |
313+
| swap2.cpp:34:16:34:24 | this | swap2.cpp:36:13:36:16 | this | |
314+
| swap2.cpp:34:34:34:37 | that | swap2.cpp:34:34:34:37 | that | |
315+
| swap2.cpp:34:34:34:37 | that | swap2.cpp:36:18:36:21 | that | |
316+
| swap2.cpp:36:13:36:16 | ref arg this | swap2.cpp:37:21:37:24 | this | |
317+
| swap2.cpp:36:13:36:16 | this | swap2.cpp:37:21:37:24 | this | |
318+
| swap2.cpp:36:18:36:21 | ref arg that | swap2.cpp:34:34:34:37 | that | |
319+
| swap2.cpp:37:21:37:24 | this | swap2.cpp:37:20:37:24 | * ... | TAINT |
320+
| swap2.cpp:40:14:40:17 | this | swap2.cpp:43:18:43:22 | this | |
321+
| swap2.cpp:40:26:40:29 | that | swap2.cpp:40:26:40:29 | that | |
322+
| swap2.cpp:40:26:40:29 | that | swap2.cpp:43:25:43:28 | that | |
323+
| swap2.cpp:40:26:40:29 | that | swap2.cpp:43:50:43:53 | that | |
324+
| swap2.cpp:43:18:43:22 | data1 | swap2.cpp:43:30:43:34 | ref arg data1 | |
325+
| swap2.cpp:43:18:43:22 | this | swap2.cpp:43:43:43:47 | this | |
326+
| swap2.cpp:43:18:43:22 | this [post update] | swap2.cpp:43:43:43:47 | this | |
327+
| swap2.cpp:43:25:43:28 | that | swap2.cpp:43:18:43:22 | ref arg data1 | |
328+
| swap2.cpp:43:25:43:28 | that [post update] | swap2.cpp:40:26:40:29 | that | |
329+
| swap2.cpp:43:25:43:28 | that [post update] | swap2.cpp:43:50:43:53 | that | |
330+
| swap2.cpp:43:30:43:34 | data1 | swap2.cpp:43:18:43:22 | ref arg data1 | |
331+
| swap2.cpp:43:43:43:47 | data2 | swap2.cpp:43:55:43:59 | ref arg data2 | |
332+
| swap2.cpp:43:50:43:53 | that | swap2.cpp:43:43:43:47 | ref arg data2 | |
333+
| swap2.cpp:43:50:43:53 | that [post update] | swap2.cpp:40:26:40:29 | that | |
334+
| swap2.cpp:43:55:43:59 | data2 | swap2.cpp:43:43:43:47 | ref arg data2 | |
335+
| swap2.cpp:48:22:48:22 | x | swap1.cpp:48:22:48:22 | x | |
336+
| swap2.cpp:48:22:48:22 | x | swap1.cpp:50:9:50:9 | x | |
337+
| swap2.cpp:48:22:48:22 | x | swap2.cpp:48:22:48:22 | x | |
338+
| swap2.cpp:48:22:48:22 | x | swap2.cpp:50:9:50:9 | x | |
339+
| swap2.cpp:48:32:48:32 | y | swap1.cpp:48:32:48:32 | y | |
340+
| swap2.cpp:48:32:48:32 | y | swap1.cpp:50:16:50:16 | y | |
341+
| swap2.cpp:48:32:48:32 | y | swap2.cpp:48:32:48:32 | y | |
342+
| swap2.cpp:48:32:48:32 | y | swap2.cpp:50:16:50:16 | y | |
343+
| swap2.cpp:50:9:50:9 | ref arg x | swap1.cpp:48:22:48:22 | x | |
344+
| swap2.cpp:50:9:50:9 | ref arg x | swap2.cpp:48:22:48:22 | x | |
345+
| swap2.cpp:50:16:50:16 | ref arg y | swap1.cpp:48:32:48:32 | y | |
346+
| swap2.cpp:50:16:50:16 | ref arg y | swap2.cpp:48:32:48:32 | y | |
347+
| swap2.cpp:56:23:56:23 | x | swap2.cpp:58:5:58:5 | x | |
348+
| swap2.cpp:56:23:56:23 | x | swap2.cpp:60:10:60:10 | x | |
349+
| swap2.cpp:56:23:56:23 | x | swap2.cpp:63:9:63:9 | x | |
350+
| swap2.cpp:56:23:56:23 | x | swap2.cpp:66:10:66:10 | x | |
351+
| swap2.cpp:57:23:57:23 | y | swap2.cpp:61:10:61:10 | y | |
352+
| swap2.cpp:57:23:57:23 | y | swap2.cpp:63:5:63:5 | y | |
353+
| swap2.cpp:57:23:57:23 | y | swap2.cpp:65:10:65:10 | y | |
354+
| swap2.cpp:58:5:58:5 | x [post update] | swap2.cpp:60:10:60:10 | x | |
355+
| swap2.cpp:58:5:58:5 | x [post update] | swap2.cpp:63:9:63:9 | x | |
356+
| swap2.cpp:58:5:58:5 | x [post update] | swap2.cpp:66:10:66:10 | x | |
357+
| swap2.cpp:58:5:58:22 | ... = ... | swap2.cpp:60:12:60:16 | data1 | |
358+
| swap2.cpp:58:5:58:22 | ... = ... | swap2.cpp:66:12:66:16 | data1 | |
359+
| swap2.cpp:58:15:58:20 | call to source | swap2.cpp:58:5:58:22 | ... = ... | |
360+
| swap2.cpp:63:5:63:5 | ref arg y | swap2.cpp:65:10:65:10 | y | |
361+
| swap2.cpp:68:23:68:24 | z1 | swap2.cpp:69:5:69:6 | z1 | |
362+
| swap2.cpp:68:23:68:24 | z1 | swap2.cpp:70:10:70:11 | z1 | |
363+
| swap2.cpp:68:23:68:24 | z1 | swap2.cpp:72:10:72:11 | z1 | |
364+
| swap2.cpp:68:23:68:24 | z1 | swap2.cpp:75:10:75:11 | z1 | |
365+
| swap2.cpp:68:27:68:28 | z2 | swap2.cpp:72:14:72:15 | z2 | |
366+
| swap2.cpp:68:27:68:28 | z2 | swap2.cpp:74:10:74:11 | z2 | |
367+
| swap2.cpp:69:5:69:6 | z1 [post update] | swap2.cpp:70:10:70:11 | z1 | |
368+
| swap2.cpp:69:5:69:6 | z1 [post update] | swap2.cpp:72:10:72:11 | z1 | |
369+
| swap2.cpp:69:5:69:6 | z1 [post update] | swap2.cpp:75:10:75:11 | z1 | |
370+
| swap2.cpp:69:5:69:23 | ... = ... | swap2.cpp:70:13:70:17 | data1 | |
371+
| swap2.cpp:69:5:69:23 | ... = ... | swap2.cpp:75:13:75:17 | data1 | |
372+
| swap2.cpp:69:16:69:21 | call to source | swap2.cpp:69:5:69:23 | ... = ... | |
373+
| swap2.cpp:72:10:72:11 | ref arg z1 | swap2.cpp:75:10:75:11 | z1 | |
374+
| swap2.cpp:72:14:72:15 | ref arg z2 | swap2.cpp:74:10:74:11 | z2 | |
375+
| swap2.cpp:80:23:80:23 | x | swap2.cpp:82:5:82:5 | x | |
376+
| swap2.cpp:80:23:80:23 | x | swap2.cpp:84:10:84:10 | x | |
377+
| swap2.cpp:80:23:80:23 | x | swap2.cpp:87:19:87:19 | x | |
378+
| swap2.cpp:80:23:80:23 | x | swap2.cpp:90:10:90:10 | x | |
379+
| swap2.cpp:81:23:81:23 | y | swap2.cpp:85:10:85:10 | y | |
380+
| swap2.cpp:81:23:81:23 | y | swap2.cpp:87:5:87:5 | y | |
381+
| swap2.cpp:81:23:81:23 | y | swap2.cpp:89:10:89:10 | y | |
382+
| swap2.cpp:82:5:82:5 | x [post update] | swap2.cpp:84:10:84:10 | x | |
383+
| swap2.cpp:82:5:82:5 | x [post update] | swap2.cpp:87:19:87:19 | x | |
384+
| swap2.cpp:82:5:82:5 | x [post update] | swap2.cpp:90:10:90:10 | x | |
385+
| swap2.cpp:82:5:82:22 | ... = ... | swap2.cpp:84:12:84:16 | data1 | |
386+
| swap2.cpp:82:5:82:22 | ... = ... | swap2.cpp:90:12:90:16 | data1 | |
387+
| swap2.cpp:82:15:82:20 | call to source | swap2.cpp:82:5:82:22 | ... = ... | |
388+
| swap2.cpp:87:5:87:5 | ref arg y | swap2.cpp:89:10:89:10 | y | |
389+
| swap2.cpp:87:9:87:17 | ref arg call to move | swap2.cpp:87:19:87:19 | x [inner post update] | |
390+
| swap2.cpp:87:9:87:17 | ref arg call to move | swap2.cpp:90:10:90:10 | x | |
391+
| swap2.cpp:87:19:87:19 | x | swap2.cpp:87:9:87:17 | call to move | |
392+
| swap2.cpp:95:23:95:31 | move_from | swap2.cpp:96:5:96:13 | move_from | |
393+
| swap2.cpp:95:23:95:31 | move_from | swap2.cpp:98:10:98:18 | move_from | |
394+
| swap2.cpp:95:23:95:31 | move_from | swap2.cpp:100:41:100:49 | move_from | |
395+
| swap2.cpp:96:5:96:13 | move_from [post update] | swap2.cpp:98:10:98:18 | move_from | |
396+
| swap2.cpp:96:5:96:13 | move_from [post update] | swap2.cpp:100:41:100:49 | move_from | |
397+
| swap2.cpp:96:5:96:30 | ... = ... | swap2.cpp:98:20:98:24 | data1 | |
398+
| swap2.cpp:96:23:96:28 | call to source | swap2.cpp:96:5:96:30 | ... = ... | |
399+
| swap2.cpp:100:31:100:39 | ref arg call to move | swap2.cpp:100:41:100:49 | move_from [inner post update] | |
400+
| swap2.cpp:100:31:100:51 | call to Class | swap2.cpp:102:10:102:16 | move_to | |
401+
| swap2.cpp:100:41:100:49 | move_from | swap2.cpp:100:31:100:39 | call to move | |
191402
| taint.cpp:4:27:4:33 | source1 | taint.cpp:6:13:6:19 | source1 | |
192403
| taint.cpp:4:40:4:45 | clean1 | taint.cpp:5:8:5:13 | clean1 | |
193404
| taint.cpp:4:40:4:45 | clean1 | taint.cpp:6:3:6:8 | clean1 | |

cpp/ql/test/library-tests/dataflow/taint-tests/swap.h

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
namespace std
2+
{
3+
template <class T>
4+
constexpr void swap(T &a, T &b);
5+
}

cpp/ql/test/library-tests/dataflow/taint-tests/swap1.cpp

Lines changed: 103 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,103 @@
1+
#include "swap.h"
2+
/*
3+
* Note: This file exists in two versions (swap1.cpp and swap2.cpp).
4+
* The only difference is that `IntWrapper` in swap1.cpp contains a single data member, and swap2.cpp
5+
* contains two data members.
6+
*/
7+
8+
int source();
9+
void sink(...);
10+
11+
namespace std
12+
{
13+
template <class T>
14+
T &&move(T &t) noexcept { return static_cast<T &&>(t); } // simplified signature (and implementation)
15+
} // namespace std
16+
17+
namespace IntWrapper
18+
{
19+
struct Class
20+
{
21+
int data1;
22+
23+
Class() = default;
24+
Class(Class &&that) { swap(that); }
25+
Class(const Class &that) : data1(that.data1) {}
26+
27+
Class &operator=(const Class &that)
28+
{
29+
auto tmp = that;
30+
swap(tmp);
31+
return *this;
32+
}
33+
34+
Class &operator=(Class &&that)
35+
{
36+
swap(that);
37+
return *this;
38+
}
39+
40+
void swap(Class &that) noexcept
41+
{
42+
using std::swap;
43+
swap(data1, that.data1);
44+
}
45+
};
46+
47+
// For ADL
48+
void swap(Class &x, Class &y)
49+
{
50+
x.swap(y);
51+
}
52+
} // namespace IntWrapper
53+
54+
void test_copy_assignment_operator()
55+
{
56+
IntWrapper::Class x;
57+
IntWrapper::Class y;
58+
x.data1 = source();
59+
60+
sink(x.data1); // tainted
61+
sink(y.data1); // clean
62+
63+
y = x;
64+
65+
sink(y.data1); // tainted [FALSE NEGATIVE in IR]
66+
sink(x.data1); // tainted
67+
68+
IntWrapper::Class z1, z2;
69+
z1.data1 = source();
70+
sink(z1.data1); // tainted
71+
72+
swap(z1, z2);
73+
74+
sink(z2.data1); // tainted
75+
sink(z1.data1); // clean [FALSE POSITIVE]
76+
}
77+
78+
void test_move_assignment_operator()
79+
{
80+
IntWrapper::Class x;
81+
IntWrapper::Class y;
82+
x.data1 = source();
83+
84+
sink(x.data1); // tainted
85+
sink(y.data1); // clean
86+
87+
y = std::move(x);
88+
89+
sink(y.data1); // tainted [FALSE NEGATIVE in IR]
90+
sink(x.data1); // tainted
91+
}
92+
93+
void test_move_constructor()
94+
{
95+
IntWrapper::Class move_from;
96+
move_from.data1 = source();
97+
98+
sink(move_from.data1); // tainted
99+
100+
IntWrapper::Class move_to(std::move(move_from));
101+
102+
sink(move_to.data1); // tainted [FALSE NEGATIVE in IR]
103+
}

0 commit comments

Comments
 (0)