C++: Simplify the description of the source.

MathiasVP · MathiasVP · commit 55cfadb1f4bf · 2023-07-25T09:13:27.000+02:00
diff --git a/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/InvalidPointerToDereference.qll b/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/InvalidPointerToDereference.qll
@@ -22,9 +22,10 @@
  * in `AllocationToInvalidPointer.qll` that are actually being dereferenced. We do this using a regular dataflow
  * configuration (see `InvalidPointerToDerefConfig`).
  *
- * This dataflow traversal defines the set of sources as any dataflow node that is non-strictly lower-bounded by the
- * pointer-arithmetic instruction identified by `AllocationToInvalidPointer.qll`. That is, the set of sources is any
- * dataflow node `source` such that `source.asInstruction() >= pai + delta1` for some `delta1 >= 0`.
+ * This dataflow traversal defines the set of sources as any dataflow node `n` such that there exists a pointer-arithmetic
+ * instruction `pai` found by `AllocationToInvalidPointer.qll` and `n.asInstruction() >= pai + deltaDerefSourceAndPai`.
+ * Here, `deltaDerefSourceAndPai` is the constant difference between the source we track for finding a dereference and the
+ * pointer-arithmetic instruction.
  *
  * The set of sinks is defined to be any address operand `addr` that is non-strictly upper-bounded by the sink. That is,
  * any dataflow node `n` such that `addr <= sink.asInstruction() + delta2` for some `delta2`. We call the instruction that

Original file line number	Diff line number	Diff line change
`@@ -22,9 +22,10 @@`
`22`	`22`	* in `AllocationToInvalidPointer.qll` that are actually being dereferenced. We do this using a regular dataflow
`23`	`23`	* configuration (see `InvalidPointerToDerefConfig`).
`24`	`24`	`*`
`25`		`- * This dataflow traversal defines the set of sources as any dataflow node that is non-strictly lower-bounded by the`
`26`		- * pointer-arithmetic instruction identified by `AllocationToInvalidPointer.qll`. That is, the set of sources is any
`27`		- * dataflow node `source` such that `source.asInstruction() >= pai + delta1` for some `delta1 >= 0`.
	`25`	+ * This dataflow traversal defines the set of sources as any dataflow node `n` such that there exists a pointer-arithmetic
	`26`	+ * instruction `pai` found by `AllocationToInvalidPointer.qll` and `n.asInstruction() >= pai + deltaDerefSourceAndPai`.
	`27`	+ * Here, `deltaDerefSourceAndPai` is the constant difference between the source we track for finding a dereference and the
	`28`	`+ * pointer-arithmetic instruction.`
`28`	`29`	`*`
`29`	`30`	* The set of sinks is defined to be any address operand `addr` that is non-strictly upper-bounded by the sink. That is,
`30`	`31`	* any dataflow node `n` such that `addr <= sink.asInstruction() + delta2` for some `delta2`. We call the instruction that