File tree Expand file tree Collapse file tree 1 file changed +18
-1
lines changed
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal Expand file tree Collapse file tree 1 file changed +18
-1
lines changed Original file line number Diff line number Diff line change @@ -280,7 +280,24 @@ class Node extends TIRDataFlowNode {
280280 * - For (6) there are two results:
281281 * - For the definition generated by `x += 2` the result is `x += 2`
282282 * - For the definition generated by `int y = ...` the result is
283- * also `x += 2`
283+ * also `x += 2`.
284+ *
285+ * For assignments, `node.asDefinition()` and `node.asExpr()` will both exist
286+ * for the same dataflow node. However, for expression such as `x++` that
287+ * both write to `x` and read the current value of `x`, `node.asDefinition()`
288+ * will give you the node corresponding to the value after the increment, and
289+ * `node.asExpr()` will give the node corresponding to the value before the
290+ * increment. For an example of where this patterns, consider the following:
291+ *
292+ * ```cpp
293+ * sink(x++);
294+ * ```
295+ * in the above program, there will not be flow from the node `n` such that
296+ * `n.asDefinition() instanceof IncrementOperation` to the argument of `sink`
297+ * since the value passed to `sink` is the value before to the increment.
298+ * However, there will be dataflow from the node `n` such that
299+ * `n.asExpr() instanceof IncrementOperation` since the result of evaluating
300+ * the expression `x++` is passed to `sink`.
284301 */
285302 Expr asDefinition ( ) {
286303 exists ( StoreInstruction store |
You can’t perform that action at this time.
0 commit comments