C++: Undo changes to SizeCheck.ql, SizeCheck2.ql.

geoffw0 · geoffw0 · commit 823c767aac6b · 2023-01-05T12:34:12.000Z
diff --git a/cpp/ql/src/Critical/SizeCheck.ql b/cpp/ql/src/Critical/SizeCheck.ql
@@ -16,7 +16,7 @@
 import cpp
 import semmle.code.cpp.models.Models
 
-predicate baseType(HeuristicAllocationExpr alloc, Type base) {
+predicate baseType(AllocationExpr alloc, Type base) {
   exists(PointerType pointer |
     pointer.getBaseType() = base and
     (
@@ -34,12 +34,12 @@ predicate decideOnSize(Type t, int size) {
   size = min(t.getSize())
 }
 
-from HeuristicAllocationExpr alloc, Type base, int basesize, int allocated
+from AllocationExpr alloc, Type base, int basesize, int allocated
 where
   baseType(alloc, base) and
   allocated = alloc.getSizeBytes() and
   decideOnSize(base, basesize) and
-  alloc.(FunctionCall).getTarget() instanceof HeuristicAllocationFunction and // exclude `new` and similar
+  alloc.(FunctionCall).getTarget() instanceof AllocationFunction and // exclude `new` and similar
   basesize > allocated
 select alloc,
   "Type '" + base.getName() + "' is " + basesize.toString() + " bytes, but only " +
diff --git a/cpp/ql/src/Critical/SizeCheck2.ql b/cpp/ql/src/Critical/SizeCheck2.ql
@@ -16,7 +16,7 @@
 import cpp
 import semmle.code.cpp.models.Models
 
-predicate baseType(HeuristicAllocationExpr alloc, Type base) {
+predicate baseType(AllocationExpr alloc, Type base) {
   exists(PointerType pointer |
     pointer.getBaseType() = base and
     (
@@ -34,12 +34,12 @@ predicate decideOnSize(Type t, int size) {
   size = min(t.getSize())
 }
 
-from HeuristicAllocationExpr alloc, Type base, int basesize, int allocated
+from AllocationExpr alloc, Type base, int basesize, int allocated
 where
   baseType(alloc, base) and
   allocated = alloc.getSizeBytes() and
   decideOnSize(base, basesize) and
-  alloc.(FunctionCall).getTarget() instanceof HeuristicAllocationFunction and // exclude `new` and similar
+  alloc.(FunctionCall).getTarget() instanceof AllocationFunction and // exclude `new` and similar
   // If the codebase has more than one type with the same name, check if any matches
   not exists(int size | base.getSize() = size |
     size = 0 or
diff --git a/cpp/ql/test/query-tests/Critical/SizeCheck/SizeCheck.expected b/cpp/ql/test/query-tests/Critical/SizeCheck/SizeCheck.expected
@@ -3,5 +3,3 @@
 | test.c:32:19:32:24 | call to malloc | Type 'float' is 4 bytes, but only 2 bytes are allocated. |
 | test.c:33:20:33:25 | call to malloc | Type 'double' is 8 bytes, but only 4 bytes are allocated. |
 | test.c:59:15:59:20 | call to malloc | Type 'MyUnion' is 128 bytes, but only 8 bytes are allocated. |
-| test.c:69:20:69:28 | call to MyMalloc1 | Type 'float' is 4 bytes, but only 3 bytes are allocated. |
-| test.c:70:20:70:28 | call to MyMalloc2 | Type 'float' is 4 bytes, but only 3 bytes are allocated. |
diff --git a/cpp/ql/test/query-tests/Critical/SizeCheck/SizeCheck2.expected b/cpp/ql/test/query-tests/Critical/SizeCheck/SizeCheck2.expected
@@ -2,5 +2,3 @@
 | test2.c:17:20:17:25 | call to malloc | Allocated memory (33 bytes) is not a multiple of the size of 'double' (8 bytes). |
 | test2.c:32:23:32:28 | call to malloc | Allocated memory (28 bytes) is not a multiple of the size of 'long long' (8 bytes). |
 | test2.c:33:20:33:25 | call to malloc | Allocated memory (20 bytes) is not a multiple of the size of 'double' (8 bytes). |
-| test2.c:53:21:53:29 | call to MyMalloc1 | Allocated memory (33 bytes) is not a multiple of the size of 'double' (8 bytes). |
-| test2.c:54:21:54:29 | call to MyMalloc2 | Allocated memory (33 bytes) is not a multiple of the size of 'double' (8 bytes). |
diff --git a/cpp/ql/test/query-tests/Critical/SizeCheck/test.c b/cpp/ql/test/query-tests/Critical/SizeCheck/test.c
@@ -66,6 +66,6 @@ void *MyMalloc2(size_t size);
 
 void customAllocatorTests()
 {
-    float *fptr1 = MyMalloc1(3); // BAD (too small)
-    float *fptr2 = MyMalloc2(3); // BAD (too small)
+    float *fptr1 = MyMalloc1(3); // BAD (too small) [NOT DETECTED]
+    float *fptr2 = MyMalloc2(3); // BAD (too small) [NOT DETECTED]
 }
diff --git a/cpp/ql/test/query-tests/Critical/SizeCheck/test2.c b/cpp/ql/test/query-tests/Critical/SizeCheck/test2.c
@@ -50,6 +50,6 @@ void *MyMalloc2(size_t size);
 
 void customAllocatorTests()
 {
-    double *dptr1 = MyMalloc1(33); // BAD -- Not a multiple of sizeof(double)
-    double *dptr2 = MyMalloc2(33); // BAD -- Not a multiple of sizeof(double)
+    double *dptr1 = MyMalloc1(33); // BAD -- Not a multiple of sizeof(double) [NOT DETECTED]
+    double *dptr2 = MyMalloc2(33); // BAD -- Not a multiple of sizeof(double) [NOT DETECTED]
 }

Original file line number	Diff line number	Diff line change
`@@ -66,6 +66,6 @@ void *MyMalloc2(size_t size);`
`66`	`66`
`67`	`67`	`void customAllocatorTests()`
`68`	`68`	`{`
`69`		`- float *fptr1 = MyMalloc1(3); // BAD (too small)`
`70`		`- float *fptr2 = MyMalloc2(3); // BAD (too small)`
	`69`	`+ float *fptr1 = MyMalloc1(3); // BAD (too small) [NOT DETECTED]`
	`70`	`+ float *fptr2 = MyMalloc2(3); // BAD (too small) [NOT DETECTED]`
`71`	`71`	`}`
Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,6 @@ void *MyMalloc2(size_t size);`
`50`	`50`
`51`	`51`	`void customAllocatorTests()`
`52`	`52`	`{`
`53`		`- double *dptr1 = MyMalloc1(33); // BAD -- Not a multiple of sizeof(double)`
`54`		`- double *dptr2 = MyMalloc2(33); // BAD -- Not a multiple of sizeof(double)`
	`53`	`+ double *dptr1 = MyMalloc1(33); // BAD -- Not a multiple of sizeof(double) [NOT DETECTED]`
	`54`	`+ double *dptr2 = MyMalloc2(33); // BAD -- Not a multiple of sizeof(double) [NOT DETECTED]`
`55`	`55`	`}`