C++: Fix missing types. We now assign the node corresponding to **p

MathiasVP · MathiasVP · commit 1db24dd28dfd · 2023-02-27T14:57:36.000Z
an `UnknownType`.
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -809,7 +809,7 @@ private class PostIndirectReturnOutNode extends IndirectReturnOutNode, PostUpdat
  *
  * Returns `t`, but stripped of the outer-most `indirectionIndex` number of indirections.
  */
-Type getTypeImpl(Type t, int indirectionIndex) {
+private Type getTypeImpl0(Type t, int indirectionIndex) {
   indirectionIndex = 0 and
   result = t
   or
@@ -819,12 +819,30 @@ Type getTypeImpl(Type t, int indirectionIndex) {
     // We need to avoid the case where `stripPointer(t) = t` (which can happen on
     // iterators that specify a `value_type` that is the iterator itself). Such a type
     // would create an infinite loop otherwise. For these cases we simply don't produce
-    // a result for `getType`.
+    // a result for `getTypeImpl`.
     stripped.getUnspecifiedType() != t.getUnspecifiedType() and
-    result = getTypeImpl(stripped, indirectionIndex - 1)
+    result = getTypeImpl0(stripped, indirectionIndex - 1)
   )
 }
 
+/**
+ * INTERNAL: Do not use.
+ *
+ * Returns `t`, but stripped of the outer-most `indirectionIndex` number of indirections.
+ *
+ * If `indirectionIndex` cannot be stripped off `t`, an `UnknownType` is returned.
+ */
+bindingset[indirectionIndex]
+Type getTypeImpl(Type t, int indirectionIndex) {
+  result = getTypeImpl0(t, indirectionIndex)
+  or
+  // If we cannot produce the right type we return an error type.
+  // This can sometimes happen when we don't know the real
+  // type of a void pointer.
+  not exists(getTypeImpl0(t, indirectionIndex)) and
+  result instanceof UnknownType
+}
+
 /**
  * INTERNAL: Do not use.
  *
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/type-bugs.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/type-bugs.expected
@@ -1,59 +1,3 @@
 failures
 astTypeBugs
 irTypeBugs
-| dispatch.cpp:60:18:60:29 | dispatch.cpp:60:18:60:29 | dispatch.cpp:60:18:60:29 | new indirection |
-| dispatch.cpp:60:18:60:29 | dispatch.cpp:60:18:60:29 | dispatch.cpp:60:18:60:29 | new indirection |
-| dispatch.cpp:60:18:60:29 | dispatch.cpp:60:18:60:29 | dispatch.cpp:60:18:60:29 | new indirection |
-| dispatch.cpp:61:18:61:29 | dispatch.cpp:61:18:61:29 | dispatch.cpp:61:18:61:29 | new indirection |
-| dispatch.cpp:61:18:61:29 | dispatch.cpp:61:18:61:29 | dispatch.cpp:61:18:61:29 | new indirection |
-| dispatch.cpp:61:18:61:29 | dispatch.cpp:61:18:61:29 | dispatch.cpp:61:18:61:29 | new indirection |
-| dispatch.cpp:65:10:65:21 | dispatch.cpp:65:10:65:21 | dispatch.cpp:65:10:65:21 | new indirection |
-| dispatch.cpp:65:10:65:21 | dispatch.cpp:65:10:65:21 | dispatch.cpp:65:10:65:21 | new indirection |
-| dispatch.cpp:65:10:65:21 | dispatch.cpp:65:10:65:21 | dispatch.cpp:65:10:65:21 | new indirection |
-| example.c:8:24:8:32 | example.c:8:24:8:32 | example.c:8:24:8:32 | something indirection |
-| example.c:28:14:28:25 | example.c:28:14:28:25 | example.c:28:14:28:25 | & ... indirection |
-| example.c:28:14:28:25 | example.c:28:14:28:25 | example.c:28:14:28:25 | (void *)... indirection |
-| example.c:28:14:28:25 | example.c:28:14:28:25 | example.c:28:14:28:25 | doSomething output argument |
-| file://:0:0:0:0 | file://:0:0:0:0 | file://:0:0:0:0 | (unnamed parameter 0) indirection |
-| file://:0:0:0:0 | file://:0:0:0:0 | file://:0:0:0:0 | overflow_arg_area indirection |
-| file://:0:0:0:0 | file://:0:0:0:0 | file://:0:0:0:0 | reg_save_area indirection |
-| test.cpp:380:20:380:23 | test.cpp:380:20:380:23 | test.cpp:380:20:380:23 | dest indirection |
-| test.cpp:380:38:380:40 | test.cpp:380:38:380:40 | test.cpp:380:38:380:40 | src indirection |
-| test.cpp:384:3:384:8 | test.cpp:384:3:384:8 | test.cpp:384:3:384:8 | call to memcpy indirection |
-| test.cpp:384:10:384:13 | test.cpp:384:10:384:13 | test.cpp:384:10:384:13 | & ... indirection |
-| test.cpp:384:10:384:13 | test.cpp:384:10:384:13 | test.cpp:384:10:384:13 | (void *)... indirection |
-| test.cpp:384:10:384:13 | test.cpp:384:10:384:13 | test.cpp:384:10:384:13 | memcpy output argument |
-| test.cpp:384:16:384:23 | test.cpp:384:16:384:23 | test.cpp:384:16:384:23 | & ... indirection |
-| test.cpp:384:16:384:23 | test.cpp:384:16:384:23 | test.cpp:384:16:384:23 | (const void *)... indirection |
-| test.cpp:391:3:391:8 | test.cpp:391:3:391:8 | test.cpp:391:3:391:8 | call to memcpy indirection |
-| test.cpp:391:10:391:13 | test.cpp:391:10:391:13 | test.cpp:391:10:391:13 | & ... indirection |
-| test.cpp:391:10:391:13 | test.cpp:391:10:391:13 | test.cpp:391:10:391:13 | (void *)... indirection |
-| test.cpp:391:10:391:13 | test.cpp:391:10:391:13 | test.cpp:391:10:391:13 | memcpy output argument |
-| test.cpp:391:16:391:23 | test.cpp:391:16:391:23 | test.cpp:391:16:391:23 | & ... indirection |
-| test.cpp:391:16:391:23 | test.cpp:391:16:391:23 | test.cpp:391:16:391:23 | (const void *)... indirection |
-| test.cpp:400:3:400:8 | test.cpp:400:3:400:8 | test.cpp:400:3:400:8 | call to memcpy indirection |
-| test.cpp:400:10:400:13 | test.cpp:400:10:400:13 | test.cpp:400:10:400:13 | & ... indirection |
-| test.cpp:400:10:400:13 | test.cpp:400:10:400:13 | test.cpp:400:10:400:13 | (void *)... indirection |
-| test.cpp:400:10:400:13 | test.cpp:400:10:400:13 | test.cpp:400:10:400:13 | memcpy output argument |
-| test.cpp:400:16:400:22 | test.cpp:400:16:400:22 | test.cpp:400:16:400:22 | & ... indirection |
-| test.cpp:400:16:400:22 | test.cpp:400:16:400:22 | test.cpp:400:16:400:22 | (const void *)... indirection |
-| test.cpp:407:3:407:8 | test.cpp:407:3:407:8 | test.cpp:407:3:407:8 | call to memcpy indirection |
-| test.cpp:407:10:407:13 | test.cpp:407:10:407:13 | test.cpp:407:10:407:13 | & ... indirection |
-| test.cpp:407:10:407:13 | test.cpp:407:10:407:13 | test.cpp:407:10:407:13 | (void *)... indirection |
-| test.cpp:407:10:407:13 | test.cpp:407:10:407:13 | test.cpp:407:10:407:13 | memcpy output argument |
-| test.cpp:407:16:407:22 | test.cpp:407:16:407:22 | test.cpp:407:16:407:22 | & ... indirection |
-| test.cpp:407:16:407:22 | test.cpp:407:16:407:22 | test.cpp:407:16:407:22 | (const void *)... indirection |
-| test.cpp:481:24:481:27 | test.cpp:481:24:481:27 | test.cpp:481:24:481:27 | (unnamed parameter 0) indirection |
-| test.cpp:488:21:488:30 | test.cpp:488:21:488:30 | test.cpp:488:21:488:30 | (void *)... indirection |
-| test.cpp:488:21:488:30 | test.cpp:488:21:488:30 | test.cpp:488:21:488:30 | content indirection |
-| test.cpp:488:21:488:30 | test.cpp:488:21:488:30 | test.cpp:488:21:488:30 | writes_to_content output argument |
-| test.cpp:615:9:615:9 | test.cpp:615:9:615:9 | test.cpp:615:9:615:9 | definition of q indirection |
-| test.cpp:615:9:615:9 | test.cpp:615:9:615:9 | test.cpp:615:9:615:9 | definition of q indirection |
-| test.cpp:615:9:615:9 | test.cpp:615:9:615:9 | test.cpp:615:9:615:9 | q indirection |
-| test.cpp:615:13:615:21 | test.cpp:615:13:615:21 | test.cpp:615:13:615:21 | & ... indirection |
-| test.cpp:615:13:615:21 | test.cpp:615:13:615:21 | test.cpp:615:13:615:21 | (void *)... indirection |
-| test.cpp:615:13:615:21 | test.cpp:615:13:615:21 | test.cpp:615:13:615:21 | (void *)... indirection |
-| test.cpp:616:17:616:17 | test.cpp:616:17:616:17 | test.cpp:616:17:616:17 | q indirection |
-| test.cpp:616:17:616:17 | test.cpp:616:17:616:17 | test.cpp:616:17:616:17 | q indirection |
-| test.cpp:616:17:616:17 | test.cpp:616:17:616:17 | test.cpp:616:17:616:17 | q indirection |
-| test.cpp:616:17:616:17 | test.cpp:616:17:616:17 | test.cpp:616:17:616:17 | q indirection |
diff --git a/cpp/ql/test/library-tests/dataflow/fields/partial-definition-diff.expected b/cpp/ql/test/library-tests/dataflow/fields/partial-definition-diff.expected
@@ -199,6 +199,7 @@
 | realistic.cpp:26:5:26:10 | offset | AST only |
 | realistic.cpp:49:20:49:22 | baz | AST only |
 | realistic.cpp:53:35:53:43 | bufferLen | AST only |
+| realistic.cpp:54:50:54:61 | call to user_input | IR only |
 | realistic.cpp:55:16:55:18 | foo | IR only |
 | realistic.cpp:55:23:55:25 | access to array | IR only |
 | realistic.cpp:55:28:55:36 | baz | IR only |
@@ -207,6 +208,7 @@
 | realistic.cpp:57:99:57:101 | access to array | IR only |
 | realistic.cpp:57:104:57:112 | baz | IR only |
 | realistic.cpp:57:114:57:122 | userInput | IR only |
+| realistic.cpp:60:21:60:52 | buffer | IR only |
 | realistic.cpp:60:25:60:27 | foo | IR only |
 | realistic.cpp:60:32:60:34 | access to array | IR only |
 | realistic.cpp:60:37:60:45 | baz | IR only |
diff --git a/cpp/ql/test/library-tests/dataflow/fields/partial-definition-ir.expected b/cpp/ql/test/library-tests/dataflow/fields/partial-definition-ir.expected
@@ -512,6 +512,7 @@
 | realistic.cpp:54:27:54:29 | baz |
 | realistic.cpp:54:32:54:40 | userInput |
 | realistic.cpp:54:42:54:47 | buffer |
+| realistic.cpp:54:50:54:59 | call to user_input |
 | realistic.cpp:55:12:55:14 | foo |
 | realistic.cpp:55:12:55:21 | access to array |
 | realistic.cpp:55:23:55:25 | baz |
@@ -525,6 +526,7 @@
 | realistic.cpp:60:21:60:30 | access to array |
 | realistic.cpp:60:32:60:34 | baz |
 | realistic.cpp:60:37:60:45 | userInput |
+| realistic.cpp:60:47:60:52 | buffer |
 | realistic.cpp:60:55:60:57 | foo |
 | realistic.cpp:60:55:60:64 | access to array |
 | realistic.cpp:60:66:60:68 | baz |
