C++: Add a small amount of pruning to 'SizeBarrierConfig'.

MathiasVP · MathiasVP · commit 9c5d7350dc3c · 2023-08-25T10:25:28.000+01:00
diff --git a/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll b/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll
@@ -222,6 +222,12 @@ private module InterestingPointerAddInstruction {
     )
   }
 
+  /**
+   * Holds if `n` is a size of an allocation whose result flows to the left operand
+   * of a pointer-arithmetic instruction.
+   *
+   * This predicate is used to reduce the set of tuples in `SizeBarrierConfig::isSource`.
+   */
   predicate isInterestingSize(DataFlow::Node n) {
     exists(DataFlow::Node alloc |
       hasSize(alloc.asConvertedExpr(), n, _) and

Original file line number	Diff line number	Diff line change
`@@ -222,6 +222,12 @@ private module InterestingPointerAddInstruction {`
`222`	`222`	`)`
`223`	`223`	`}`
`224`	`224`
	`225`	`+ /**`
	`226`	+ * Holds if `n` is a size of an allocation whose result flows to the left operand
	`227`	`+ * of a pointer-arithmetic instruction.`
	`228`	`+ *`
	`229`	+ * This predicate is used to reduce the set of tuples in `SizeBarrierConfig::isSource`.
	`230`	`+ */`
`225`	`231`	`predicate isInterestingSize(DataFlow::Node n) {`
`226`	`232`	`exists(DataFlow::Node alloc \|`
`227`	`233`	`hasSize(alloc.asConvertedExpr(), n, _) and`