C++: 'Step 1' does not make a lot of sense now that the files have been split.

MathiasVP · MathiasVP · commit 359a9e5fe807 · 2023-07-25T09:07:01.000+02:00
diff --git a/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/InvalidPointerToDereference.qll b/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/InvalidPointerToDereference.qll
@@ -18,8 +18,9 @@
  *
  * Merely _constructing_ a pointer that's out-of-bounds is fine if the pointer is never dereferenced (in reality, the
  * standard only guarentees that it's safe to move the pointer one element past the last element. But we ignore that
- * here). So this step is about identifying which of those out-of-bounds pointers identified from step 1 that are
- * actually being dereferenced. We do this using a regular dataflow configuration (see `InvalidPointerToDerefConfig`).
+ * here). So this step is about identifying which of those out-of-bounds pointers found by `pointerAddInstructionHasBounds`
+ * in `AllocationToInvalidPointer.qll` that are actually being dereferenced. We do this using a regular dataflow
+ * configuration (see `InvalidPointerToDerefConfig`).
  *
  * This dataflow traversal defines the set of sources as any dataflow node that is non-strictly lower-bounded by the
  * pointer-arithmetic instruction identified by `AllocationToInvalidPointer.qll`. That is, the set of sources is any

Original file line number	Diff line number	Diff line change
`@@ -18,8 +18,9 @@`
`18`	`18`	`*`
`19`	`19`	`* Merely _constructing_ a pointer that's out-of-bounds is fine if the pointer is never dereferenced (in reality, the`
`20`	`20`	`* standard only guarentees that it's safe to move the pointer one element past the last element. But we ignore that`
`21`		`- * here). So this step is about identifying which of those out-of-bounds pointers identified from step 1 that are`
`22`		- * actually being dereferenced. We do this using a regular dataflow configuration (see `InvalidPointerToDerefConfig`).
	`21`	+ * here). So this step is about identifying which of those out-of-bounds pointers found by `pointerAddInstructionHasBounds`
	`22`	+ * in `AllocationToInvalidPointer.qll` that are actually being dereferenced. We do this using a regular dataflow
	`23`	+ * configuration (see `InvalidPointerToDerefConfig`).
`23`	`24`	`*`
`24`	`25`	`* This dataflow traversal defines the set of sources as any dataflow node that is non-strictly lower-bounded by the`
`25`	`26`	* pointer-arithmetic instruction identified by `AllocationToInvalidPointer.qll`. That is, the set of sources is any