From 2089bcdc9f97239eb37e98a543986a604100c947 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 7 Jul 2025 14:16:49 +0200 Subject: [PATCH 01/13] Comvert ARR37-C to use the new dataflow library --- ...interArithmeticOnNonArrayObjectPointers.ql | 2 +- ...rithmeticOnNonArrayObjectPointers.expected | 21 +++++++++---------- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/c/cert/src/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql b/c/cert/src/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql index 635d9d5c0..39e15c7ad 100644 --- a/c/cert/src/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql +++ b/c/cert/src/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql @@ -18,7 +18,7 @@ import cpp import codingstandards.c.cert -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import NonArrayPointerToArrayIndexingExprFlow::PathGraph /** diff --git a/c/cert/test/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.expected b/c/cert/test/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.expected index fb0074e0e..adabbcf75 100644 --- a/c/cert/test/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.expected +++ b/c/cert/test/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.expected 
@@ -1,22 +1,21 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:28,60-68) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:29,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:41,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:49,26-34) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:70,3-11) edges -| test.c:14:38:14:39 | p1 | test.c:18:10:18:11 | v1 | provenance | | -| test.c:14:38:14:39 | p1 | test.c:19:10:19:11 | v2 | provenance | | +| test.c:14:38:14:39 | p1 | test.c:16:13:16:14 | p1 | provenance | | +| test.c:14:38:14:39 | p1 | test.c:17:13:17:14 | p1 | provenance | | | test.c:14:38:14:39 | p1 | test.c:20:10:20:11 | p1 | provenance | | | test.c:14:38:14:39 | p1 | test.c:21:10:21:11 | p1 | provenance | | | test.c:14:38:14:39 | p1 | test.c:22:9:22:10 | p1 | provenance | | | test.c:14:38:14:39 | p1 | test.c:23:13:23:14 | p1 | provenance | | | test.c:14:38:14:39 | p1 | test.c:24:9:24:10 | p1 | provenance | | | test.c:14:38:14:39 | p1 | test.c:25:9:25:10 | p1 | provenance | | +| test.c:16:13:16:14 | p1 | test.c:18:10:18:13 | ... ++ | provenance | | +| test.c:17:13:17:14 | p1 | test.c:19:10:19:13 | ... -- | provenance | | | test.c:51:30:51:38 | & ... | test.c:14:38:14:39 | p1 | provenance | | nodes | test.c:14:38:14:39 | p1 | semmle.label | p1 | -| test.c:18:10:18:11 | v1 | semmle.label | v1 | -| test.c:19:10:19:11 | v2 | semmle.label | v2 | +| test.c:16:13:16:14 | p1 | semmle.label | p1 | +| test.c:17:13:17:14 | p1 | semmle.label | p1 | +| test.c:18:10:18:13 | ... ++ | semmle.label | ... ++ | +| test.c:19:10:19:13 | ... -- | semmle.label | ... 
-- | | test.c:20:10:20:11 | p1 | semmle.label | p1 | | test.c:21:10:21:11 | p1 | semmle.label | p1 | | test.c:22:9:22:10 | p1 | semmle.label | p1 | @@ -32,8 +31,8 @@ nodes | test.c:51:30:51:38 | & ... | semmle.label | & ... | subpaths #select -| test.c:18:10:18:11 | v1 | test.c:51:30:51:38 | & ... | test.c:18:10:18:11 | v1 | Pointer arithmetic on non-array object pointer. | -| test.c:19:10:19:11 | v2 | test.c:51:30:51:38 | & ... | test.c:19:10:19:11 | v2 | Pointer arithmetic on non-array object pointer. | +| test.c:18:10:18:13 | ... ++ | test.c:51:30:51:38 | & ... | test.c:18:10:18:13 | ... ++ | Pointer arithmetic on non-array object pointer. | +| test.c:19:10:19:13 | ... -- | test.c:51:30:51:38 | & ... | test.c:19:10:19:13 | ... -- | Pointer arithmetic on non-array object pointer. | | test.c:20:10:20:11 | p1 | test.c:51:30:51:38 | & ... | test.c:20:10:20:11 | p1 | Pointer arithmetic on non-array object pointer. | | test.c:21:10:21:11 | p1 | test.c:51:30:51:38 | & ... | test.c:21:10:21:11 | p1 | Pointer arithmetic on non-array object pointer. | | test.c:22:9:22:10 | p1 | test.c:51:30:51:38 | & ... | test.c:22:9:22:10 | p1 | Pointer arithmetic on non-array object pointer. | From cf1b625569a8e79c82561f3e12119ca41b8c4422 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 7 Jul 2025 14:19:48 +0200 Subject: [PATCH 02/13] Conver ARR39-C to the new dataflow library Observe that `sizeof(...)` might not occur as a dataflow node if it has a parent node with a concrete value. That value will be a dataflow node instead. Hence, the query has be changed to check for expressions where `sizeof(...)` is a child of an expression with a concrete value. --- .../DoNotAddOrSubtractAScaledIntegerToAPointer.ql | 8 +++++--- ...NotAddOrSubtractAScaledIntegerToAPointer.expected | 12 ++++++------ 2 files changed, 11 insertions(+), 9 deletions(-) 
diff --git a/c/cert/src/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.ql b/c/cert/src/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.ql index c3ebd6ede..18631f579 100644 --- a/c/cert/src/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.ql +++ b/c/cert/src/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert import codingstandards.cpp.types.Pointers -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import ScaledIntegerPointerArithmeticFlow::PathGraph /** @@ -61,9 +61,11 @@ class ScaledIntegerExpr extends Expr { ScaledIntegerExpr() { not this.getParent*() instanceof ArrayCountOfExpr and ( - this.(SizeofExprOperator).getExprOperand().getType().getSize() > 1 + exists(this.getValue()) and + this.getAChild*().(SizeofExprOperator).getExprOperand().getType().getSize() > 1 or - this.(SizeofTypeOperator).getTypeOperand().getSize() > 1 + exists(this.getValue()) and + this.getAChild*().(SizeofTypeOperator).getTypeOperand().getSize() > 1 or this instanceof OffsetOfExpr ) diff --git a/c/cert/test/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.expected b/c/cert/test/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.expected index 0a6471dea..7a7f74054 100644 --- a/c/cert/test/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.expected +++ b/c/cert/test/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.expected 
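Review bot: In the `ScaledIntegerExpr` characteristic predicate, `this.getAChild*()` now accepts any constant-valued expression that has a `sizeof` anywhere beneath it, while the `ArrayCountOfExpr` exclusion on the first line still looks only at `this` and its ancestors. A constant whose `sizeof` sits inside an element-count sub-expression, or whose scaling cancels out, would therefore appear to be treated as a scaled integer. Because ARR39-C findings are triaged as possible out-of-bounds pointer arithmetic, that precision change deserves a test case or an extra guard such as `not this.getAChild*() instanceof ArrayCountOfExpr`. The repeated `exists(this.getValue())` could be hoisted above the disjunction. The class QLDoc should also record the reason given in the commit message, e.g. `A sizeof folded into a constant-valued parent is not itself a dataflow node, so the constant parent is matched instead.`; the QLDoc and the predicate's closing brace lie outside this hunk.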
@@ -1,22 +1,22 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotAddOrSubtractAScaledIntegerToAPointer.ql:77,56-64) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotAddOrSubtractAScaledIntegerToAPointer.ql:78,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotAddOrSubtractAScaledIntegerToAPointer.ql:80,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotAddOrSubtractAScaledIntegerToAPointer.ql:89,45-53) edges | test.c:7:13:7:14 | p1 | test.c:9:9:9:10 | p1 | provenance | | +| test.c:16:19:16:41 | ... - ... | test.c:16:19:16:41 | ... - ... | provenance | | | test.c:16:19:16:41 | ... - ... | test.c:18:26:18:31 | offset | provenance | | | test.c:16:19:16:41 | ... - ... | test.c:29:6:29:11 | offset | provenance | | +| test.c:17:17:17:26 | sizeof() | test.c:17:17:17:26 | sizeof() | provenance | | | test.c:17:17:17:26 | sizeof() | test.c:23:9:23:12 | size | provenance | | | test.c:29:6:29:11 | offset | test.c:7:13:7:14 | p1 | provenance | | nodes | test.c:7:13:7:14 | p1 | semmle.label | p1 | | test.c:9:9:9:10 | p1 | semmle.label | p1 | | test.c:16:19:16:41 | ... - ... | semmle.label | ... - ... | +| test.c:16:19:16:41 | ... - ... | semmle.label | ... - ... | +| test.c:17:17:17:26 | sizeof() | semmle.label | sizeof() | | test.c:17:17:17:26 | sizeof() | semmle.label | sizeof() | | test.c:18:26:18:31 | offset | semmle.label | offset | | test.c:23:9:23:12 | size | semmle.label | size | | test.c:25:9:25:18 | sizeof() | semmle.label | sizeof() | -| test.c:27:17:27:26 | sizeof() | semmle.label | sizeof() | +| test.c:27:12:27:26 | ... / ... | semmle.label | ... / ... | | test.c:29:6:29:11 | offset | semmle.label | offset | subpaths #select 
@@ -24,4 +24,4 @@ subpaths | test.c:18:26:18:31 | offset | test.c:16:19:16:41 | ... - ... | test.c:18:26:18:31 | offset | Scaled integer used in pointer arithmetic. | | test.c:23:9:23:12 | size | test.c:17:17:17:26 | sizeof() | test.c:23:9:23:12 | size | Scaled integer used in pointer arithmetic. | | test.c:25:9:25:18 | sizeof() | test.c:25:9:25:18 | sizeof() | test.c:25:9:25:18 | sizeof() | Scaled integer used in pointer arithmetic. | -| test.c:27:17:27:26 | sizeof() | test.c:27:17:27:26 | sizeof() | test.c:27:17:27:26 | sizeof() | Scaled integer used in pointer arithmetic. | +| test.c:27:12:27:26 | ... / ... | test.c:27:12:27:26 | ... / ... | test.c:27:12:27:26 | ... / ... | Scaled integer used in pointer arithmetic. | From 8d73f3bf3402b2220a1bcef3e7556705471b411d Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 7 Jul 2025 14:23:50 +0200 Subject: [PATCH 03/13] Convert ERR30-C to use the new dataflow library --- c/cert/src/rules/ERR30-C/ErrnoReadBeforeReturn.ql | 2 +- c/cert/src/rules/ERR30-C/SetlocaleMightSetErrno.ql | 2 +- c/cert/test/rules/ERR30-C/ErrnoReadBeforeReturn.expected | 1 - c/cert/test/rules/ERR30-C/SetlocaleMightSetErrno.expected | 1 - 4 files changed, 2 insertions(+), 4 deletions(-) diff --git a/c/cert/src/rules/ERR30-C/ErrnoReadBeforeReturn.ql b/c/cert/src/rules/ERR30-C/ErrnoReadBeforeReturn.ql index 13f7e4030..bea6ae3ec 100644 --- a/c/cert/src/rules/ERR30-C/ErrnoReadBeforeReturn.ql +++ b/c/cert/src/rules/ERR30-C/ErrnoReadBeforeReturn.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert import codingstandards.c.Errno -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /** * A call to an `OutOfBandErrnoSettingFunction` diff --git a/c/cert/src/rules/ERR30-C/SetlocaleMightSetErrno.ql b/c/cert/src/rules/ERR30-C/SetlocaleMightSetErrno.ql index a7ccf8c04..eaecf29a8 100644 --- a/c/cert/src/rules/ERR30-C/SetlocaleMightSetErrno.ql +++ b/c/cert/src/rules/ERR30-C/SetlocaleMightSetErrno.ql 
@@ -18,7 +18,7 @@ import cpp import codingstandards.c.cert import codingstandards.c.Errno -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow class SetlocaleFunctionCall extends FunctionCall { SetlocaleFunctionCall() { this.getTarget().hasGlobalName("setlocale") } diff --git a/c/cert/test/rules/ERR30-C/ErrnoReadBeforeReturn.expected b/c/cert/test/rules/ERR30-C/ErrnoReadBeforeReturn.expected index 125f55118..b6d7caa51 100644 --- a/c/cert/test/rules/ERR30-C/ErrnoReadBeforeReturn.expected +++ b/c/cert/test/rules/ERR30-C/ErrnoReadBeforeReturn.expected @@ -1,4 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ErrnoReadBeforeReturn.ql:46,7-15) | test.c:69:7:69:11 | * ... | Do not read `errno` before checking the return value of function $@. | test.c:68:3:68:7 | call to ftell | call to ftell | | test.c:69:7:69:11 | call to __errno_location | Do not read `errno` before checking the return value of function $@. | test.c:68:3:68:7 | call to ftell | call to ftell | | test.c:70:5:70:10 | call to perror | Do not read `errno` before checking the return value of function $@. | test.c:68:3:68:7 | call to ftell | call to ftell | diff --git a/c/cert/test/rules/ERR30-C/SetlocaleMightSetErrno.expected b/c/cert/test/rules/ERR30-C/SetlocaleMightSetErrno.expected index 20a7ff60b..9ab88a339 100644 --- a/c/cert/test/rules/ERR30-C/SetlocaleMightSetErrno.expected +++ b/c/cert/test/rules/ERR30-C/SetlocaleMightSetErrno.expected @@ -1,3 +1,2 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (SetlocaleMightSetErrno.ql:70,7-15) | test.c:98:3:98:11 | call to setlocale | Do not read `errno` before checking the return value of a call to `setlocale`. | | test.c:104:7:104:15 | call to setlocale | The value of `errno` may be different than `0` when `setlocale` is called. The following `errno` check might be invalid. | From 7a1577e94f0586f38e657ce5bed7069c15480b75 Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Mon, 7 Jul 2025 14:27:50 +0200 Subject: [PATCH 04/13] Convert FIO45-C to use the new dataflow library --- .../rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.ql | 2 +- .../FIO45-C/ToctouRaceConditionsWhileAccessingFiles.expected | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/c/cert/src/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.ql b/c/cert/src/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.ql index 85369b502..0500294b9 100644 --- a/c/cert/src/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.ql +++ b/c/cert/src/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert import codingstandards.cpp.standardlibrary.FileAccess -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import semmle.code.cpp.valuenumbering.GlobalValueNumbering /** diff --git a/c/cert/test/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.expected b/c/cert/test/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.expected index a211aa400..1b2923b78 100644 --- a/c/cert/test/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.expected +++ b/c/cert/test/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.expected @@ -1,3 +1,2 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ToctouRaceConditionsWhileAccessingFiles.ql:32,35-43) | test.c:4:13:4:17 | call to fopen | This call is trying to prevent an existing file from being overwritten by $@. An attacker might be able to exploit the race window between the two calls. | test.c:11:9:11:13 | call to fopen | another call | | test.c:88:13:88:17 | call to fopen | This call is trying to prevent an existing file from being overwritten by $@. An attacker might be able to exploit the race window between the two calls. | test.c:95:9:95:13 | call to fopen | another call | From c5c6c58b72bc35ddac06714267d3feaa747b6255 Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Mon, 7 Jul 2025 14:29:48 +0200 Subject: [PATCH 05/13] Convert EXP36-C to the new datafow library Note that we now properly report the offending cast instead of the expression that is being cast. --- ...PointerToMoreStrictlyAlignedPointerType.ql | 2 +- ...rToMoreStrictlyAlignedPointerType.expected | 479 +++++++++--------- 2 files changed, 247 insertions(+), 234 deletions(-) diff --git a/c/cert/src/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.ql b/c/cert/src/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.ql index 0d294e48b..7b428a7ee 100644 --- a/c/cert/src/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.ql +++ b/c/cert/src/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert import codingstandards.cpp.Alignment -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis import ExprWithAlignmentToCStyleCastFlow::PathGraph diff --git a/c/cert/test/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.expected b/c/cert/test/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.expected index eb7642ae2..381f2b053 100644 --- a/c/cert/test/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.expected +++ b/c/cert/test/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.expected 
@@ -1,277 +1,290 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:103,86-94) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:125,3-11) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:127,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:132,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:138,3-11) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:144,55-63) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:145,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:147,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:154,26-34) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:169,44-52) edges -| test.c:75:14:75:16 | & ... | test.c:76:11:76:12 | v1 | provenance | | -| test.c:75:14:75:16 | & ... | test.c:77:12:77:13 | v1 | provenance | | -| test.c:75:14:75:16 | & ... | test.c:78:10:78:11 | v1 | provenance | | -| test.c:75:14:75:16 | & ... | test.c:79:12:79:13 | v1 | provenance | | -| test.c:75:14:75:16 | & ... | test.c:80:11:80:12 | v1 | provenance | | -| test.c:75:14:75:16 | & ... | test.c:81:13:81:14 | v1 | provenance | | -| test.c:84:14:84:16 | & ... | test.c:85:11:85:12 | v2 | provenance | | -| test.c:84:14:84:16 | & ... 
| test.c:86:12:86:13 | v2 | provenance | | -| test.c:84:14:84:16 | & ... | test.c:87:10:87:11 | v2 | provenance | | -| test.c:84:14:84:16 | & ... | test.c:88:12:88:13 | v2 | provenance | | -| test.c:84:14:84:16 | & ... | test.c:89:11:89:12 | v2 | provenance | | -| test.c:84:14:84:16 | & ... | test.c:90:13:90:14 | v2 | provenance | | -| test.c:93:14:93:16 | & ... | test.c:94:11:94:12 | v3 | provenance | | -| test.c:93:14:93:16 | & ... | test.c:95:12:95:13 | v3 | provenance | | -| test.c:93:14:93:16 | & ... | test.c:96:10:96:11 | v3 | provenance | | -| test.c:93:14:93:16 | & ... | test.c:97:12:97:13 | v3 | provenance | | -| test.c:93:14:93:16 | & ... | test.c:98:11:98:12 | v3 | provenance | | -| test.c:93:14:93:16 | & ... | test.c:99:13:99:14 | v3 | provenance | | -| test.c:102:14:102:16 | & ... | test.c:103:11:103:12 | v4 | provenance | | -| test.c:102:14:102:16 | & ... | test.c:104:12:104:13 | v4 | provenance | | -| test.c:102:14:102:16 | & ... | test.c:105:10:105:11 | v4 | provenance | | -| test.c:102:14:102:16 | & ... | test.c:106:12:106:13 | v4 | provenance | | -| test.c:102:14:102:16 | & ... | test.c:107:11:107:12 | v4 | provenance | | -| test.c:102:14:102:16 | & ... | test.c:108:13:108:14 | v4 | provenance | | -| test.c:111:14:111:16 | & ... | test.c:112:11:112:12 | v5 | provenance | | -| test.c:111:14:111:16 | & ... | test.c:113:12:113:13 | v5 | provenance | | -| test.c:111:14:111:16 | & ... | test.c:114:10:114:11 | v5 | provenance | | -| test.c:111:14:111:16 | & ... | test.c:115:12:115:13 | v5 | provenance | | -| test.c:111:14:111:16 | & ... | test.c:116:11:116:12 | v5 | provenance | | -| test.c:111:14:111:16 | & ... | test.c:117:13:117:14 | v5 | provenance | | -| test.c:120:14:120:16 | & ... | test.c:121:11:121:12 | v6 | provenance | | -| test.c:120:14:120:16 | & ... | test.c:122:12:122:13 | v6 | provenance | | -| test.c:120:14:120:16 | & ... | test.c:123:10:123:11 | v6 | provenance | | -| test.c:120:14:120:16 | & ... 
| test.c:124:12:124:13 | v6 | provenance | | -| test.c:120:14:120:16 | & ... | test.c:125:11:125:12 | v6 | provenance | | -| test.c:120:14:120:16 | & ... | test.c:126:13:126:14 | v6 | provenance | | -| test.c:129:22:129:22 | v | test.c:130:17:130:17 | v | provenance | | -| test.c:135:21:135:23 | & ... | test.c:129:22:129:22 | v | provenance | | -| test.c:138:21:138:23 | & ... | test.c:129:22:129:22 | v | provenance | | -| test.c:166:24:166:29 | call to malloc | test.c:167:13:167:15 | & ... | provenance | | -| test.c:166:24:166:29 | call to malloc | test.c:168:16:168:17 | s1 | provenance | | -| test.c:166:24:166:29 | call to malloc | test.c:169:13:169:14 | s1 | provenance | | -| test.c:166:24:166:29 | call to malloc | test.c:169:13:169:14 | s1 | provenance | | +| test.c:75:14:75:16 | & ... | test.c:75:14:75:16 | & ... | provenance | | +| test.c:75:14:75:16 | & ... | test.c:76:3:76:12 | v1 | provenance | | +| test.c:75:14:75:16 | & ... | test.c:77:3:77:13 | v1 | provenance | | +| test.c:75:14:75:16 | & ... | test.c:78:3:78:11 | v1 | provenance | | +| test.c:75:14:75:16 | & ... | test.c:79:3:79:13 | v1 | provenance | | +| test.c:75:14:75:16 | & ... | test.c:80:3:80:12 | v1 | provenance | | +| test.c:75:14:75:16 | & ... | test.c:81:3:81:14 | v1 | provenance | | +| test.c:84:14:84:16 | & ... | test.c:84:14:84:16 | & ... | provenance | | +| test.c:84:14:84:16 | & ... | test.c:85:3:85:12 | v2 | provenance | | +| test.c:84:14:84:16 | & ... | test.c:86:3:86:13 | v2 | provenance | | +| test.c:84:14:84:16 | & ... | test.c:87:3:87:11 | v2 | provenance | | +| test.c:84:14:84:16 | & ... | test.c:88:3:88:13 | v2 | provenance | | +| test.c:84:14:84:16 | & ... | test.c:89:3:89:12 | v2 | provenance | | +| test.c:84:14:84:16 | & ... | test.c:90:3:90:14 | v2 | provenance | | +| test.c:93:14:93:16 | & ... | test.c:93:14:93:16 | & ... | provenance | | +| test.c:93:14:93:16 | & ... | test.c:94:3:94:12 | v3 | provenance | | +| test.c:93:14:93:16 | & ... 
| test.c:95:3:95:13 | v3 | provenance | | +| test.c:93:14:93:16 | & ... | test.c:96:3:96:11 | v3 | provenance | | +| test.c:93:14:93:16 | & ... | test.c:97:3:97:13 | v3 | provenance | | +| test.c:93:14:93:16 | & ... | test.c:98:3:98:12 | v3 | provenance | | +| test.c:93:14:93:16 | & ... | test.c:99:3:99:14 | v3 | provenance | | +| test.c:102:14:102:16 | & ... | test.c:102:14:102:16 | & ... | provenance | | +| test.c:102:14:102:16 | & ... | test.c:103:3:103:12 | v4 | provenance | | +| test.c:102:14:102:16 | & ... | test.c:104:3:104:13 | v4 | provenance | | +| test.c:102:14:102:16 | & ... | test.c:105:3:105:11 | v4 | provenance | | +| test.c:102:14:102:16 | & ... | test.c:106:3:106:13 | v4 | provenance | | +| test.c:102:14:102:16 | & ... | test.c:107:3:107:12 | v4 | provenance | | +| test.c:102:14:102:16 | & ... | test.c:108:3:108:14 | v4 | provenance | | +| test.c:111:14:111:16 | & ... | test.c:111:14:111:16 | & ... | provenance | | +| test.c:111:14:111:16 | & ... | test.c:112:3:112:12 | v5 | provenance | | +| test.c:111:14:111:16 | & ... | test.c:113:3:113:13 | v5 | provenance | | +| test.c:111:14:111:16 | & ... | test.c:114:3:114:11 | v5 | provenance | | +| test.c:111:14:111:16 | & ... | test.c:115:3:115:13 | v5 | provenance | | +| test.c:111:14:111:16 | & ... | test.c:116:3:116:12 | v5 | provenance | | +| test.c:111:14:111:16 | & ... | test.c:117:3:117:14 | v5 | provenance | | +| test.c:120:14:120:16 | & ... | test.c:120:14:120:16 | & ... | provenance | | +| test.c:120:14:120:16 | & ... | test.c:121:3:121:12 | v6 | provenance | | +| test.c:120:14:120:16 | & ... | test.c:122:3:122:13 | v6 | provenance | | +| test.c:120:14:120:16 | & ... | test.c:123:3:123:11 | v6 | provenance | | +| test.c:120:14:120:16 | & ... | test.c:124:3:124:13 | v6 | provenance | | +| test.c:120:14:120:16 | & ... | test.c:125:3:125:12 | v6 | provenance | | +| test.c:120:14:120:16 | & ... 
| test.c:126:3:126:14 | v6 | provenance | | +| test.c:129:22:129:22 | v | test.c:130:10:130:17 | v | provenance | | +| test.c:135:13:135:23 | & ... | test.c:129:22:129:22 | v | provenance | | +| test.c:138:13:138:23 | & ... | test.c:129:22:129:22 | v | provenance | | +| test.c:166:15:166:33 | call to malloc | test.c:166:15:166:33 | call to malloc | provenance | | +| test.c:166:15:166:33 | call to malloc | test.c:168:3:168:17 | s1 | provenance | | +| test.c:166:15:166:33 | call to malloc | test.c:169:13:169:14 | s1 | provenance | | +| test.c:166:15:166:33 | call to malloc | test.c:169:13:169:14 | s1 | provenance | | | test.c:169:13:169:14 | s1 | test.c:129:22:129:22 | v | provenance | | | test.c:174:13:174:14 | s2 | test.c:129:22:129:22 | v | provenance | | | test.c:179:13:179:14 | s3 | test.c:129:22:129:22 | v | provenance | | -| test.c:183:14:183:26 | call to aligned_alloc | test.c:184:11:184:12 | v1 | provenance | | -| test.c:183:14:183:26 | call to aligned_alloc | test.c:185:10:185:11 | v1 | provenance | | -| test.c:183:14:183:26 | call to aligned_alloc | test.c:186:13:186:14 | v1 | provenance | | +| test.c:183:14:183:26 | call to aligned_alloc | test.c:183:14:183:26 | call to aligned_alloc | provenance | | +| test.c:183:14:183:26 | call to aligned_alloc | test.c:184:3:184:12 | v1 | provenance | | +| test.c:183:14:183:26 | call to aligned_alloc | test.c:185:3:185:11 | v1 | provenance | | +| test.c:183:14:183:26 | call to aligned_alloc | test.c:186:3:186:14 | v1 | provenance | | | test.c:183:14:183:26 | call to aligned_alloc | test.c:187:13:187:14 | v1 | provenance | | | test.c:187:13:187:14 | v1 | test.c:129:22:129:22 | v | provenance | | +| test.c:189:14:189:26 | call to aligned_alloc | test.c:189:14:189:26 | call to aligned_alloc | provenance | | | test.c:189:14:189:26 | call to aligned_alloc | test.c:190:13:190:14 | v2 | provenance | | | test.c:190:13:190:14 | v2 | test.c:129:22:129:22 | v | provenance | | -| test.c:222:8:222:9 | p2 | test.c:223:11:223:12 | 
v1 | provenance | | -| test.c:222:8:222:9 | p2 | test.c:224:12:224:13 | v1 | provenance | | -| test.c:222:8:222:9 | p2 | test.c:225:10:225:11 | v1 | provenance | | -| test.c:222:8:222:9 | p2 | test.c:226:12:226:13 | v1 | provenance | | -| test.c:222:8:222:9 | p2 | test.c:227:11:227:12 | v1 | provenance | | -| test.c:222:8:222:9 | p2 | test.c:228:13:228:14 | v1 | provenance | | +| test.c:222:3:222:9 | ... = ... | test.c:223:3:223:12 | v1 | provenance | | +| test.c:222:3:222:9 | ... = ... | test.c:224:3:224:13 | v1 | provenance | | +| test.c:222:3:222:9 | ... = ... | test.c:225:3:225:11 | v1 | provenance | | +| test.c:222:3:222:9 | ... = ... | test.c:226:3:226:13 | v1 | provenance | | +| test.c:222:3:222:9 | ... = ... | test.c:227:3:227:12 | v1 | provenance | | +| test.c:222:3:222:9 | ... = ... | test.c:228:3:228:14 | v1 | provenance | | +| test.c:222:8:222:9 | p2 | test.c:222:3:222:9 | ... = ... | provenance | | +| test.c:238:13:238:14 | & ... | test.c:238:13:238:14 | & ... | provenance | | | test.c:238:13:238:14 | & ... | test.c:244:12:244:13 | ip | provenance | | -| test.c:241:15:241:18 | & ... | test.c:247:9:247:12 | & ... | provenance | | -| test.c:252:16:252:18 | & ... | test.c:254:11:254:13 | ps1 | provenance | | -| test.c:252:16:252:18 | & ... | test.c:256:10:256:12 | ps1 | provenance | | +| test.c:240:16:240:19 | & ... | test.c:246:9:246:12 | & ... | provenance | | +| test.c:252:16:252:18 | & ... | test.c:252:16:252:18 | & ... | provenance | | +| test.c:252:16:252:18 | & ... | test.c:254:3:254:13 | ps1 | provenance | | +| test.c:252:16:252:18 | & ... | test.c:256:3:256:12 | ps1 | provenance | | nodes -| test.c:7:11:7:13 | & ... | semmle.label | & ... | -| test.c:8:12:8:14 | & ... | semmle.label | & ... | -| test.c:9:10:9:12 | & ... | semmle.label | & ... | -| test.c:10:11:10:13 | & ... | semmle.label | & ... | -| test.c:11:12:11:14 | & ... | semmle.label | & ... | -| test.c:12:13:12:15 | & ... | semmle.label | & ... | -| test.c:15:11:15:13 | & ... 
| semmle.label | & ... | -| test.c:16:12:16:14 | & ... | semmle.label | & ... | -| test.c:17:10:17:12 | & ... | semmle.label | & ... | -| test.c:18:11:18:13 | & ... | semmle.label | & ... | -| test.c:19:12:19:14 | & ... | semmle.label | & ... | -| test.c:20:13:20:15 | & ... | semmle.label | & ... | -| test.c:23:11:23:13 | & ... | semmle.label | & ... | -| test.c:24:12:24:14 | & ... | semmle.label | & ... | -| test.c:25:10:25:12 | & ... | semmle.label | & ... | -| test.c:26:12:26:14 | & ... | semmle.label | & ... | -| test.c:27:11:27:13 | & ... | semmle.label | & ... | -| test.c:28:13:28:15 | & ... | semmle.label | & ... | -| test.c:31:11:31:13 | & ... | semmle.label | & ... | -| test.c:32:12:32:14 | & ... | semmle.label | & ... | -| test.c:33:10:33:12 | & ... | semmle.label | & ... | -| test.c:34:12:34:14 | & ... | semmle.label | & ... | -| test.c:35:11:35:13 | & ... | semmle.label | & ... | -| test.c:36:13:36:15 | & ... | semmle.label | & ... | -| test.c:39:11:39:13 | & ... | semmle.label | & ... | -| test.c:40:12:40:14 | & ... | semmle.label | & ... | -| test.c:41:10:41:12 | & ... | semmle.label | & ... | -| test.c:42:12:42:14 | & ... | semmle.label | & ... | -| test.c:43:11:43:13 | & ... | semmle.label | & ... | -| test.c:44:13:44:15 | & ... | semmle.label | & ... | -| test.c:47:11:47:13 | & ... | semmle.label | & ... | -| test.c:48:12:48:14 | & ... | semmle.label | & ... | -| test.c:49:10:49:12 | & ... | semmle.label | & ... | -| test.c:50:12:50:14 | & ... | semmle.label | & ... | -| test.c:51:11:51:13 | & ... | semmle.label | & ... | -| test.c:52:13:52:15 | & ... | semmle.label | & ... | -| test.c:57:11:57:13 | & ... | semmle.label | & ... | -| test.c:58:12:58:14 | & ... | semmle.label | & ... | -| test.c:59:10:59:12 | & ... | semmle.label | & ... | -| test.c:60:12:60:14 | & ... | semmle.label | & ... | -| test.c:61:11:61:13 | & ... | semmle.label | & ... | -| test.c:62:13:62:15 | & ... | semmle.label | & ... | -| test.c:65:11:65:13 | & ... 
| semmle.label | & ... | -| test.c:66:12:66:14 | & ... | semmle.label | & ... | -| test.c:67:10:67:12 | & ... | semmle.label | & ... | -| test.c:68:12:68:14 | & ... | semmle.label | & ... | -| test.c:69:11:69:13 | & ... | semmle.label | & ... | -| test.c:70:13:70:15 | & ... | semmle.label | & ... | +| test.c:7:3:7:13 | & ... | semmle.label | & ... | +| test.c:8:3:8:14 | & ... | semmle.label | & ... | +| test.c:9:3:9:12 | & ... | semmle.label | & ... | +| test.c:10:3:10:13 | & ... | semmle.label | & ... | +| test.c:11:3:11:14 | & ... | semmle.label | & ... | +| test.c:12:3:12:15 | & ... | semmle.label | & ... | +| test.c:15:3:15:13 | & ... | semmle.label | & ... | +| test.c:16:3:16:14 | & ... | semmle.label | & ... | +| test.c:17:3:17:12 | & ... | semmle.label | & ... | +| test.c:18:3:18:13 | & ... | semmle.label | & ... | +| test.c:19:3:19:14 | & ... | semmle.label | & ... | +| test.c:20:3:20:15 | & ... | semmle.label | & ... | +| test.c:23:3:23:13 | & ... | semmle.label | & ... | +| test.c:24:3:24:14 | & ... | semmle.label | & ... | +| test.c:25:3:25:12 | & ... | semmle.label | & ... | +| test.c:26:3:26:14 | & ... | semmle.label | & ... | +| test.c:27:3:27:13 | & ... | semmle.label | & ... | +| test.c:28:3:28:15 | & ... | semmle.label | & ... | +| test.c:31:3:31:13 | & ... | semmle.label | & ... | +| test.c:32:3:32:14 | & ... | semmle.label | & ... | +| test.c:33:3:33:12 | & ... | semmle.label | & ... | +| test.c:34:3:34:14 | & ... | semmle.label | & ... | +| test.c:35:3:35:13 | & ... | semmle.label | & ... | +| test.c:36:3:36:15 | & ... | semmle.label | & ... | +| test.c:39:3:39:13 | & ... | semmle.label | & ... | +| test.c:40:3:40:14 | & ... | semmle.label | & ... | +| test.c:41:3:41:12 | & ... | semmle.label | & ... | +| test.c:42:3:42:14 | & ... | semmle.label | & ... | +| test.c:43:3:43:13 | & ... | semmle.label | & ... | +| test.c:44:3:44:15 | & ... | semmle.label | & ... | +| test.c:47:3:47:13 | & ... | semmle.label | & ... | +| test.c:48:3:48:14 | & ... 
| semmle.label | & ... | +| test.c:49:3:49:12 | & ... | semmle.label | & ... | +| test.c:50:3:50:14 | & ... | semmle.label | & ... | +| test.c:51:3:51:13 | & ... | semmle.label | & ... | +| test.c:52:3:52:15 | & ... | semmle.label | & ... | +| test.c:57:3:57:13 | & ... | semmle.label | & ... | +| test.c:58:3:58:14 | & ... | semmle.label | & ... | +| test.c:59:3:59:12 | & ... | semmle.label | & ... | +| test.c:60:3:60:14 | & ... | semmle.label | & ... | +| test.c:61:3:61:13 | & ... | semmle.label | & ... | +| test.c:62:3:62:15 | & ... | semmle.label | & ... | +| test.c:65:3:65:13 | & ... | semmle.label | & ... | +| test.c:66:3:66:14 | & ... | semmle.label | & ... | +| test.c:67:3:67:12 | & ... | semmle.label | & ... | +| test.c:68:3:68:14 | & ... | semmle.label | & ... | +| test.c:69:3:69:13 | & ... | semmle.label | & ... | +| test.c:70:3:70:15 | & ... | semmle.label | & ... | | test.c:75:14:75:16 | & ... | semmle.label | & ... | | test.c:75:14:75:16 | & ... | semmle.label | & ... | -| test.c:76:11:76:12 | v1 | semmle.label | v1 | -| test.c:77:12:77:13 | v1 | semmle.label | v1 | -| test.c:78:10:78:11 | v1 | semmle.label | v1 | -| test.c:79:12:79:13 | v1 | semmle.label | v1 | -| test.c:80:11:80:12 | v1 | semmle.label | v1 | -| test.c:81:13:81:14 | v1 | semmle.label | v1 | +| test.c:75:14:75:16 | & ... | semmle.label | & ... | +| test.c:76:3:76:12 | v1 | semmle.label | v1 | +| test.c:77:3:77:13 | v1 | semmle.label | v1 | +| test.c:78:3:78:11 | v1 | semmle.label | v1 | +| test.c:79:3:79:13 | v1 | semmle.label | v1 | +| test.c:80:3:80:12 | v1 | semmle.label | v1 | +| test.c:81:3:81:14 | v1 | semmle.label | v1 | +| test.c:84:14:84:16 | & ... | semmle.label | & ... | | test.c:84:14:84:16 | & ... | semmle.label | & ... | | test.c:84:14:84:16 | & ... | semmle.label | & ... 
| -| test.c:85:11:85:12 | v2 | semmle.label | v2 | -| test.c:86:12:86:13 | v2 | semmle.label | v2 | -| test.c:87:10:87:11 | v2 | semmle.label | v2 | -| test.c:88:12:88:13 | v2 | semmle.label | v2 | -| test.c:89:11:89:12 | v2 | semmle.label | v2 | -| test.c:90:13:90:14 | v2 | semmle.label | v2 | +| test.c:85:3:85:12 | v2 | semmle.label | v2 | +| test.c:86:3:86:13 | v2 | semmle.label | v2 | +| test.c:87:3:87:11 | v2 | semmle.label | v2 | +| test.c:88:3:88:13 | v2 | semmle.label | v2 | +| test.c:89:3:89:12 | v2 | semmle.label | v2 | +| test.c:90:3:90:14 | v2 | semmle.label | v2 | +| test.c:93:14:93:16 | & ... | semmle.label | & ... | | test.c:93:14:93:16 | & ... | semmle.label | & ... | | test.c:93:14:93:16 | & ... | semmle.label | & ... | -| test.c:94:11:94:12 | v3 | semmle.label | v3 | -| test.c:95:12:95:13 | v3 | semmle.label | v3 | -| test.c:96:10:96:11 | v3 | semmle.label | v3 | -| test.c:97:12:97:13 | v3 | semmle.label | v3 | -| test.c:98:11:98:12 | v3 | semmle.label | v3 | -| test.c:99:13:99:14 | v3 | semmle.label | v3 | +| test.c:94:3:94:12 | v3 | semmle.label | v3 | +| test.c:95:3:95:13 | v3 | semmle.label | v3 | +| test.c:96:3:96:11 | v3 | semmle.label | v3 | +| test.c:97:3:97:13 | v3 | semmle.label | v3 | +| test.c:98:3:98:12 | v3 | semmle.label | v3 | +| test.c:99:3:99:14 | v3 | semmle.label | v3 | | test.c:102:14:102:16 | & ... | semmle.label | & ... | | test.c:102:14:102:16 | & ... | semmle.label | & ... | -| test.c:103:11:103:12 | v4 | semmle.label | v4 | -| test.c:104:12:104:13 | v4 | semmle.label | v4 | -| test.c:105:10:105:11 | v4 | semmle.label | v4 | -| test.c:106:12:106:13 | v4 | semmle.label | v4 | -| test.c:107:11:107:12 | v4 | semmle.label | v4 | -| test.c:108:13:108:14 | v4 | semmle.label | v4 | +| test.c:102:14:102:16 | & ... | semmle.label | & ... 
| +| test.c:103:3:103:12 | v4 | semmle.label | v4 | +| test.c:104:3:104:13 | v4 | semmle.label | v4 | +| test.c:105:3:105:11 | v4 | semmle.label | v4 | +| test.c:106:3:106:13 | v4 | semmle.label | v4 | +| test.c:107:3:107:12 | v4 | semmle.label | v4 | +| test.c:108:3:108:14 | v4 | semmle.label | v4 | +| test.c:111:14:111:16 | & ... | semmle.label | & ... | | test.c:111:14:111:16 | & ... | semmle.label | & ... | | test.c:111:14:111:16 | & ... | semmle.label | & ... | -| test.c:112:11:112:12 | v5 | semmle.label | v5 | -| test.c:113:12:113:13 | v5 | semmle.label | v5 | -| test.c:114:10:114:11 | v5 | semmle.label | v5 | -| test.c:115:12:115:13 | v5 | semmle.label | v5 | -| test.c:116:11:116:12 | v5 | semmle.label | v5 | -| test.c:117:13:117:14 | v5 | semmle.label | v5 | +| test.c:112:3:112:12 | v5 | semmle.label | v5 | +| test.c:113:3:113:13 | v5 | semmle.label | v5 | +| test.c:114:3:114:11 | v5 | semmle.label | v5 | +| test.c:115:3:115:13 | v5 | semmle.label | v5 | +| test.c:116:3:116:12 | v5 | semmle.label | v5 | +| test.c:117:3:117:14 | v5 | semmle.label | v5 | +| test.c:120:14:120:16 | & ... | semmle.label | & ... | | test.c:120:14:120:16 | & ... | semmle.label | & ... | | test.c:120:14:120:16 | & ... | semmle.label | & ... | -| test.c:121:11:121:12 | v6 | semmle.label | v6 | -| test.c:122:12:122:13 | v6 | semmle.label | v6 | -| test.c:123:10:123:11 | v6 | semmle.label | v6 | -| test.c:124:12:124:13 | v6 | semmle.label | v6 | -| test.c:125:11:125:12 | v6 | semmle.label | v6 | -| test.c:126:13:126:14 | v6 | semmle.label | v6 | +| test.c:121:3:121:12 | v6 | semmle.label | v6 | +| test.c:122:3:122:13 | v6 | semmle.label | v6 | +| test.c:123:3:123:11 | v6 | semmle.label | v6 | +| test.c:124:3:124:13 | v6 | semmle.label | v6 | +| test.c:125:3:125:12 | v6 | semmle.label | v6 | +| test.c:126:3:126:14 | v6 | semmle.label | v6 | | test.c:129:22:129:22 | v | semmle.label | v | -| test.c:130:17:130:17 | v | semmle.label | v | -| test.c:135:21:135:23 | & ... 
| semmle.label | & ... | -| test.c:135:21:135:23 | & ... | semmle.label | & ... | -| test.c:138:21:138:23 | & ... | semmle.label | & ... | -| test.c:138:21:138:23 | & ... | semmle.label | & ... | -| test.c:158:13:158:20 | & ... | semmle.label | & ... | -| test.c:161:13:161:20 | & ... | semmle.label | & ... | -| test.c:162:16:162:18 | & ... | semmle.label | & ... | -| test.c:166:24:166:29 | call to malloc | semmle.label | call to malloc | -| test.c:166:24:166:29 | call to malloc | semmle.label | call to malloc | -| test.c:167:13:167:15 | & ... | semmle.label | & ... | -| test.c:168:16:168:17 | s1 | semmle.label | s1 | +| test.c:130:10:130:17 | v | semmle.label | v | +| test.c:135:13:135:23 | & ... | semmle.label | & ... | +| test.c:135:13:135:23 | & ... | semmle.label | & ... | +| test.c:138:13:138:23 | & ... | semmle.label | & ... | +| test.c:138:13:138:23 | & ... | semmle.label | & ... | +| test.c:158:3:158:20 | & ... | semmle.label | & ... | +| test.c:161:3:161:20 | & ... | semmle.label | & ... | +| test.c:162:3:162:18 | & ... | semmle.label | & ... | +| test.c:166:15:166:33 | call to malloc | semmle.label | call to malloc | +| test.c:166:15:166:33 | call to malloc | semmle.label | call to malloc | +| test.c:166:15:166:33 | call to malloc | semmle.label | call to malloc | +| test.c:167:3:167:15 | & ... | semmle.label | & ... 
| +| test.c:168:3:168:17 | s1 | semmle.label | s1 | | test.c:169:13:169:14 | s1 | semmle.label | s1 | | test.c:169:13:169:14 | s1 | semmle.label | s1 | -| test.c:172:11:172:12 | s2 | semmle.label | s2 | -| test.c:173:13:173:14 | s2 | semmle.label | s2 | +| test.c:172:3:172:12 | s2 | semmle.label | s2 | +| test.c:173:3:173:14 | s2 | semmle.label | s2 | | test.c:174:13:174:14 | s2 | semmle.label | s2 | | test.c:174:13:174:14 | s2 | semmle.label | s2 | -| test.c:177:11:177:12 | s3 | semmle.label | s3 | -| test.c:178:13:178:14 | s3 | semmle.label | s3 | +| test.c:177:3:177:12 | s3 | semmle.label | s3 | +| test.c:178:3:178:14 | s3 | semmle.label | s3 | | test.c:179:13:179:14 | s3 | semmle.label | s3 | | test.c:179:13:179:14 | s3 | semmle.label | s3 | | test.c:183:14:183:26 | call to aligned_alloc | semmle.label | call to aligned_alloc | -| test.c:184:11:184:12 | v1 | semmle.label | v1 | -| test.c:185:10:185:11 | v1 | semmle.label | v1 | -| test.c:186:13:186:14 | v1 | semmle.label | v1 | +| test.c:183:14:183:26 | call to aligned_alloc | semmle.label | call to aligned_alloc | +| test.c:184:3:184:12 | v1 | semmle.label | v1 | +| test.c:185:3:185:11 | v1 | semmle.label | v1 | +| test.c:186:3:186:14 | v1 | semmle.label | v1 | | test.c:187:13:187:14 | v1 | semmle.label | v1 | | test.c:189:14:189:26 | call to aligned_alloc | semmle.label | call to aligned_alloc | +| test.c:189:14:189:26 | call to aligned_alloc | semmle.label | call to aligned_alloc | | test.c:190:13:190:14 | v2 | semmle.label | v2 | -| test.c:214:11:214:12 | p2 | semmle.label | p2 | -| test.c:215:12:215:13 | p2 | semmle.label | p2 | -| test.c:216:10:216:11 | p2 | semmle.label | p2 | -| test.c:217:11:217:12 | p2 | semmle.label | p2 | -| test.c:218:12:218:13 | p2 | semmle.label | p2 | -| test.c:219:13:219:14 | p2 | semmle.label | p2 | +| test.c:214:3:214:12 | p2 | semmle.label | p2 | +| test.c:215:3:215:13 | p2 | semmle.label | p2 | +| test.c:216:3:216:11 | p2 | semmle.label | p2 | +| test.c:217:3:217:12 | p2 | 
semmle.label | p2 | +| test.c:218:3:218:13 | p2 | semmle.label | p2 | +| test.c:219:3:219:14 | p2 | semmle.label | p2 | +| test.c:222:3:222:9 | ... = ... | semmle.label | ... = ... | | test.c:222:8:222:9 | p2 | semmle.label | p2 | | test.c:222:8:222:9 | p2 | semmle.label | p2 | -| test.c:223:11:223:12 | v1 | semmle.label | v1 | -| test.c:224:12:224:13 | v1 | semmle.label | v1 | -| test.c:225:10:225:11 | v1 | semmle.label | v1 | -| test.c:226:12:226:13 | v1 | semmle.label | v1 | -| test.c:227:11:227:12 | v1 | semmle.label | v1 | -| test.c:228:13:228:14 | v1 | semmle.label | v1 | +| test.c:223:3:223:12 | v1 | semmle.label | v1 | +| test.c:224:3:224:13 | v1 | semmle.label | v1 | +| test.c:225:3:225:11 | v1 | semmle.label | v1 | +| test.c:226:3:226:13 | v1 | semmle.label | v1 | +| test.c:227:3:227:12 | v1 | semmle.label | v1 | +| test.c:228:3:228:14 | v1 | semmle.label | v1 | +| test.c:238:13:238:14 | & ... | semmle.label | & ... | | test.c:238:13:238:14 | & ... | semmle.label | & ... | | test.c:240:16:240:19 | & ... | semmle.label | & ... | -| test.c:241:15:241:18 | & ... | semmle.label | & ... | +| test.c:240:16:240:19 | & ... | semmle.label | & ... | | test.c:241:15:241:18 | & ... | semmle.label | & ... | | test.c:244:12:244:13 | ip | semmle.label | ip | | test.c:246:9:246:12 | & ... | semmle.label | & ... | | test.c:247:9:247:12 | & ... | semmle.label | & ... | | test.c:252:16:252:18 | & ... | semmle.label | & ... | -| test.c:254:11:254:13 | ps1 | semmle.label | ps1 | -| test.c:255:11:255:13 | & ... | semmle.label | & ... | -| test.c:256:10:256:12 | ps1 | semmle.label | ps1 | -| test.c:257:10:257:12 | & ... | semmle.label | & ... | +| test.c:252:16:252:18 | & ... | semmle.label | & ... | +| test.c:254:3:254:13 | ps1 | semmle.label | ps1 | +| test.c:255:3:255:13 | & ... | semmle.label | & ... | +| test.c:256:3:256:12 | ps1 | semmle.label | ps1 | +| test.c:257:3:257:12 | & ... | semmle.label | & ... | subpaths #select -| test.c:8:3:8:14 | (short *)... 
| test.c:8:12:8:14 | & ... | test.c:8:12:8:14 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type short with 2-byte alignment. | test.c:8:12:8:14 | & ... | address-of expression | -| test.c:9:3:9:12 | (int *)... | test.c:9:10:9:12 | & ... | test.c:9:10:9:12 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:9:10:9:12 | & ... | address-of expression | -| test.c:10:3:10:13 | (long *)... | test.c:10:11:10:13 | & ... | test.c:10:11:10:13 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:10:11:10:13 | & ... | address-of expression | -| test.c:11:3:11:14 | (float *)... | test.c:11:12:11:14 | & ... | test.c:11:12:11:14 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:11:12:11:14 | & ... | address-of expression | -| test.c:12:3:12:15 | (double *)... | test.c:12:13:12:15 | & ... | test.c:12:13:12:15 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:12:13:12:15 | & ... | address-of expression | -| test.c:17:3:17:12 | (int *)... | test.c:17:10:17:12 | & ... | test.c:17:10:17:12 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:17:10:17:12 | & ... | address-of expression | -| test.c:18:3:18:13 | (long *)... | test.c:18:11:18:13 | & ... | test.c:18:11:18:13 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:18:11:18:13 | & ... | address-of expression | -| test.c:19:3:19:14 | (float *)... | test.c:19:12:19:14 | & ... | test.c:19:12:19:14 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. 
| test.c:19:12:19:14 | & ... | address-of expression | -| test.c:20:3:20:15 | (double *)... | test.c:20:13:20:15 | & ... | test.c:20:13:20:15 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:20:13:20:15 | & ... | address-of expression | -| test.c:27:3:27:13 | (long *)... | test.c:27:11:27:13 | & ... | test.c:27:11:27:13 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:27:11:27:13 | & ... | address-of expression | -| test.c:28:3:28:15 | (double *)... | test.c:28:13:28:15 | & ... | test.c:28:13:28:15 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:28:13:28:15 | & ... | address-of expression | -| test.c:35:3:35:13 | (long *)... | test.c:35:11:35:13 | & ... | test.c:35:11:35:13 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:35:11:35:13 | & ... | address-of expression | -| test.c:36:3:36:15 | (double *)... | test.c:36:13:36:15 | & ... | test.c:36:13:36:15 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:36:13:36:15 | & ... | address-of expression | -| test.c:61:3:61:13 | (long *)... | test.c:61:11:61:13 | & ... | test.c:61:11:61:13 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:61:11:61:13 | & ... | address-of expression | -| test.c:62:3:62:15 | (double *)... | test.c:62:13:62:15 | & ... | test.c:62:13:62:15 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:62:13:62:15 | & ... | address-of expression | -| test.c:77:3:77:13 | (short *)... | test.c:75:14:75:16 | & ... 
| test.c:77:12:77:13 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type short with 2-byte alignment. | test.c:75:14:75:16 | & ... | address-of expression | -| test.c:78:3:78:11 | (int *)... | test.c:75:14:75:16 | & ... | test.c:78:10:78:11 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:75:14:75:16 | & ... | address-of expression | -| test.c:79:3:79:13 | (float *)... | test.c:75:14:75:16 | & ... | test.c:79:12:79:13 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:75:14:75:16 | & ... | address-of expression | -| test.c:80:3:80:12 | (long *)... | test.c:75:14:75:16 | & ... | test.c:80:11:80:12 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:75:14:75:16 | & ... | address-of expression | -| test.c:81:3:81:14 | (double *)... | test.c:75:14:75:16 | & ... | test.c:81:13:81:14 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:75:14:75:16 | & ... | address-of expression | -| test.c:87:3:87:11 | (int *)... | test.c:84:14:84:16 | & ... | test.c:87:10:87:11 | v2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:84:14:84:16 | & ... | address-of expression | -| test.c:88:3:88:13 | (float *)... | test.c:84:14:84:16 | & ... | test.c:88:12:88:13 | v2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:84:14:84:16 | & ... | address-of expression | -| test.c:89:3:89:12 | (long *)... | test.c:84:14:84:16 | & ... | test.c:89:11:89:12 | v2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:84:14:84:16 | & ... 
| address-of expression | -| test.c:90:3:90:14 | (double *)... | test.c:84:14:84:16 | & ... | test.c:90:13:90:14 | v2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:84:14:84:16 | & ... | address-of expression | -| test.c:98:3:98:12 | (long *)... | test.c:93:14:93:16 | & ... | test.c:98:11:98:12 | v3 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:93:14:93:16 | & ... | address-of expression | -| test.c:99:3:99:14 | (double *)... | test.c:93:14:93:16 | & ... | test.c:99:13:99:14 | v3 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:93:14:93:16 | & ... | address-of expression | -| test.c:107:3:107:12 | (long *)... | test.c:102:14:102:16 | & ... | test.c:107:11:107:12 | v4 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:102:14:102:16 | & ... | address-of expression | -| test.c:108:3:108:14 | (double *)... | test.c:102:14:102:16 | & ... | test.c:108:13:108:14 | v4 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:102:14:102:16 | & ... | address-of expression | -| test.c:130:10:130:17 | (int *)... | test.c:135:21:135:23 | & ... | test.c:130:17:130:17 | v | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:135:21:135:23 | & ... | address-of expression | -| test.c:130:10:130:17 | (int *)... | test.c:174:13:174:14 | s2 | test.c:130:17:130:17 | v | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:174:13:174:14 | s2 | pointer base type short | -| test.c:130:10:130:17 | (int *)... 
| test.c:179:13:179:14 | s3 | test.c:130:17:130:17 | v | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:179:13:179:14 | s3 | pointer base type short | -| test.c:130:10:130:17 | (int *)... | test.c:189:14:189:26 | call to aligned_alloc | test.c:130:17:130:17 | v | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:189:14:189:26 | call to aligned_alloc | call to aligned_alloc | -| test.c:158:3:158:20 | (size_t *)... | test.c:158:13:158:20 | & ... | test.c:158:13:158:20 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type unsigned long with 8-byte alignment. | test.c:158:13:158:20 | & ... | address-of expression | -| test.c:162:3:162:18 | (S3 *)... | test.c:162:16:162:18 | & ... | test.c:162:16:162:18 | & ... | Cast from pointer with 8-byte alignment (defined by $@) to pointer with base type S3 with 64-byte alignment. | test.c:162:16:162:18 | & ... | address-of expression | -| test.c:168:3:168:17 | (S3 *)... | test.c:166:24:166:29 | call to malloc | test.c:168:16:168:17 | s1 | Cast from pointer with 16-byte alignment (defined by $@) to pointer with base type S3 with 64-byte alignment. | test.c:166:24:166:29 | call to malloc | call to malloc | -| test.c:173:3:173:14 | (size_t *)... | test.c:173:13:173:14 | s2 | test.c:173:13:173:14 | s2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type unsigned long with 8-byte alignment. | test.c:173:13:173:14 | s2 | pointer base type short | -| test.c:178:3:178:14 | (size_t *)... | test.c:178:13:178:14 | s3 | test.c:178:13:178:14 | s3 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type unsigned long with 8-byte alignment. | test.c:178:13:178:14 | s3 | pointer base type short | -| test.c:186:3:186:14 | (size_t *)... 
| test.c:183:14:183:26 | call to aligned_alloc | test.c:186:13:186:14 | v1 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type unsigned long with 8-byte alignment. | test.c:183:14:183:26 | call to aligned_alloc | call to aligned_alloc | -| test.c:216:3:216:11 | (int *)... | test.c:216:10:216:11 | p2 | test.c:216:10:216:11 | p2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:216:10:216:11 | p2 | pointer base type short | -| test.c:217:3:217:12 | (long *)... | test.c:217:11:217:12 | p2 | test.c:217:11:217:12 | p2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:217:11:217:12 | p2 | pointer base type short | -| test.c:218:3:218:13 | (float *)... | test.c:218:12:218:13 | p2 | test.c:218:12:218:13 | p2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:218:12:218:13 | p2 | pointer base type short | -| test.c:219:3:219:14 | (double *)... | test.c:219:13:219:14 | p2 | test.c:219:13:219:14 | p2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:219:13:219:14 | p2 | pointer base type short | -| test.c:225:3:225:11 | (int *)... | test.c:222:8:222:9 | p2 | test.c:225:10:225:11 | v1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:222:8:222:9 | p2 | pointer base type short | -| test.c:226:3:226:13 | (float *)... | test.c:222:8:222:9 | p2 | test.c:226:12:226:13 | v1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:222:8:222:9 | p2 | pointer base type short | -| test.c:227:3:227:12 | (long *)... 
| test.c:222:8:222:9 | p2 | test.c:227:11:227:12 | v1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:222:8:222:9 | p2 | pointer base type short | -| test.c:228:3:228:14 | (double *)... | test.c:222:8:222:9 | p2 | test.c:228:13:228:14 | v1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:222:8:222:9 | p2 | pointer base type short | -| test.c:256:3:256:12 | (int *)... | test.c:252:16:252:18 | & ... | test.c:256:10:256:12 | ps1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:252:16:252:18 | & ... | address-of expression | -| test.c:257:3:257:12 | (int *)... | test.c:257:10:257:12 | & ... | test.c:257:10:257:12 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:257:10:257:12 | & ... | address-of expression | +| test.c:8:3:8:14 | (short *)... | test.c:8:3:8:14 | & ... | test.c:8:3:8:14 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type short with 2-byte alignment. | test.c:8:12:8:14 | & ... | address-of expression | +| test.c:9:3:9:12 | (int *)... | test.c:9:3:9:12 | & ... | test.c:9:3:9:12 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:9:10:9:12 | & ... | address-of expression | +| test.c:10:3:10:13 | (long *)... | test.c:10:3:10:13 | & ... | test.c:10:3:10:13 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:10:11:10:13 | & ... | address-of expression | +| test.c:11:3:11:14 | (float *)... | test.c:11:3:11:14 | & ... | test.c:11:3:11:14 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. 
| test.c:11:12:11:14 | & ... | address-of expression | +| test.c:12:3:12:15 | (double *)... | test.c:12:3:12:15 | & ... | test.c:12:3:12:15 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:12:13:12:15 | & ... | address-of expression | +| test.c:17:3:17:12 | (int *)... | test.c:17:3:17:12 | & ... | test.c:17:3:17:12 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:17:10:17:12 | & ... | address-of expression | +| test.c:18:3:18:13 | (long *)... | test.c:18:3:18:13 | & ... | test.c:18:3:18:13 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:18:11:18:13 | & ... | address-of expression | +| test.c:19:3:19:14 | (float *)... | test.c:19:3:19:14 | & ... | test.c:19:3:19:14 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:19:12:19:14 | & ... | address-of expression | +| test.c:20:3:20:15 | (double *)... | test.c:20:3:20:15 | & ... | test.c:20:3:20:15 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:20:13:20:15 | & ... | address-of expression | +| test.c:27:3:27:13 | (long *)... | test.c:27:3:27:13 | & ... | test.c:27:3:27:13 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:27:11:27:13 | & ... | address-of expression | +| test.c:28:3:28:15 | (double *)... | test.c:28:3:28:15 | & ... | test.c:28:3:28:15 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:28:13:28:15 | & ... | address-of expression | +| test.c:35:3:35:13 | (long *)... | test.c:35:3:35:13 | & ... | test.c:35:3:35:13 | & ... 
| Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:35:11:35:13 | & ... | address-of expression | +| test.c:36:3:36:15 | (double *)... | test.c:36:3:36:15 | & ... | test.c:36:3:36:15 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:36:13:36:15 | & ... | address-of expression | +| test.c:61:3:61:13 | (long *)... | test.c:61:3:61:13 | & ... | test.c:61:3:61:13 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:61:11:61:13 | & ... | address-of expression | +| test.c:62:3:62:15 | (double *)... | test.c:62:3:62:15 | & ... | test.c:62:3:62:15 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:62:13:62:15 | & ... | address-of expression | +| test.c:77:3:77:13 | (short *)... | test.c:75:14:75:16 | & ... | test.c:77:3:77:13 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type short with 2-byte alignment. | test.c:75:14:75:16 | & ... | address-of expression | +| test.c:78:3:78:11 | (int *)... | test.c:75:14:75:16 | & ... | test.c:78:3:78:11 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:75:14:75:16 | & ... | address-of expression | +| test.c:79:3:79:13 | (float *)... | test.c:75:14:75:16 | & ... | test.c:79:3:79:13 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:75:14:75:16 | & ... | address-of expression | +| test.c:80:3:80:12 | (long *)... | test.c:75:14:75:16 | & ... | test.c:80:3:80:12 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:75:14:75:16 | & ... 
| address-of expression | +| test.c:81:3:81:14 | (double *)... | test.c:75:14:75:16 | & ... | test.c:81:3:81:14 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:75:14:75:16 | & ... | address-of expression | +| test.c:87:3:87:11 | (int *)... | test.c:84:14:84:16 | & ... | test.c:87:3:87:11 | v2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:84:14:84:16 | & ... | address-of expression | +| test.c:88:3:88:13 | (float *)... | test.c:84:14:84:16 | & ... | test.c:88:3:88:13 | v2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:84:14:84:16 | & ... | address-of expression | +| test.c:89:3:89:12 | (long *)... | test.c:84:14:84:16 | & ... | test.c:89:3:89:12 | v2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:84:14:84:16 | & ... | address-of expression | +| test.c:90:3:90:14 | (double *)... | test.c:84:14:84:16 | & ... | test.c:90:3:90:14 | v2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:84:14:84:16 | & ... | address-of expression | +| test.c:98:3:98:12 | (long *)... | test.c:93:14:93:16 | & ... | test.c:98:3:98:12 | v3 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:93:14:93:16 | & ... | address-of expression | +| test.c:99:3:99:14 | (double *)... | test.c:93:14:93:16 | & ... | test.c:99:3:99:14 | v3 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:93:14:93:16 | & ... | address-of expression | +| test.c:107:3:107:12 | (long *)... | test.c:102:14:102:16 | & ... 
| test.c:107:3:107:12 | v4 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:102:14:102:16 | & ... | address-of expression | +| test.c:108:3:108:14 | (double *)... | test.c:102:14:102:16 | & ... | test.c:108:3:108:14 | v4 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:102:14:102:16 | & ... | address-of expression | +| test.c:130:10:130:17 | (int *)... | test.c:135:13:135:23 | & ... | test.c:130:10:130:17 | v | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:135:21:135:23 | & ... | address-of expression | +| test.c:130:10:130:17 | (int *)... | test.c:174:13:174:14 | s2 | test.c:130:10:130:17 | v | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:174:13:174:14 | s2 | pointer base type short | +| test.c:130:10:130:17 | (int *)... | test.c:179:13:179:14 | s3 | test.c:130:10:130:17 | v | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:179:13:179:14 | s3 | pointer base type short | +| test.c:130:10:130:17 | (int *)... | test.c:189:14:189:26 | call to aligned_alloc | test.c:130:10:130:17 | v | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:189:14:189:26 | call to aligned_alloc | call to aligned_alloc | +| test.c:158:3:158:20 | (size_t *)... | test.c:158:3:158:20 | & ... | test.c:158:3:158:20 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type unsigned long with 8-byte alignment. | test.c:158:13:158:20 | & ... | address-of expression | +| test.c:162:3:162:18 | (S3 *)... | test.c:162:3:162:18 | & ... | test.c:162:3:162:18 | & ... 
| Cast from pointer with 8-byte alignment (defined by $@) to pointer with base type S3 with 64-byte alignment. | test.c:162:16:162:18 | & ... | address-of expression | +| test.c:168:3:168:17 | (S3 *)... | test.c:166:15:166:33 | call to malloc | test.c:168:3:168:17 | s1 | Cast from pointer with 16-byte alignment (defined by $@) to pointer with base type S3 with 64-byte alignment. | test.c:166:24:166:29 | call to malloc | call to malloc | +| test.c:173:3:173:14 | (size_t *)... | test.c:173:3:173:14 | s2 | test.c:173:3:173:14 | s2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type unsigned long with 8-byte alignment. | test.c:173:13:173:14 | s2 | pointer base type short | +| test.c:178:3:178:14 | (size_t *)... | test.c:178:3:178:14 | s3 | test.c:178:3:178:14 | s3 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type unsigned long with 8-byte alignment. | test.c:178:13:178:14 | s3 | pointer base type short | +| test.c:186:3:186:14 | (size_t *)... | test.c:183:14:183:26 | call to aligned_alloc | test.c:186:3:186:14 | v1 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type unsigned long with 8-byte alignment. | test.c:183:14:183:26 | call to aligned_alloc | call to aligned_alloc | +| test.c:216:3:216:11 | (int *)... | test.c:216:3:216:11 | p2 | test.c:216:3:216:11 | p2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:216:10:216:11 | p2 | pointer base type short | +| test.c:217:3:217:12 | (long *)... | test.c:217:3:217:12 | p2 | test.c:217:3:217:12 | p2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:217:11:217:12 | p2 | pointer base type short | +| test.c:218:3:218:13 | (float *)... 
| test.c:218:3:218:13 | p2 | test.c:218:3:218:13 | p2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:218:12:218:13 | p2 | pointer base type short | +| test.c:219:3:219:14 | (double *)... | test.c:219:3:219:14 | p2 | test.c:219:3:219:14 | p2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:219:13:219:14 | p2 | pointer base type short | +| test.c:225:3:225:11 | (int *)... | test.c:222:8:222:9 | p2 | test.c:225:3:225:11 | v1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:222:8:222:9 | p2 | pointer base type short | +| test.c:226:3:226:13 | (float *)... | test.c:222:8:222:9 | p2 | test.c:226:3:226:13 | v1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:222:8:222:9 | p2 | pointer base type short | +| test.c:227:3:227:12 | (long *)... | test.c:222:8:222:9 | p2 | test.c:227:3:227:12 | v1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:222:8:222:9 | p2 | pointer base type short | +| test.c:228:3:228:14 | (double *)... | test.c:222:8:222:9 | p2 | test.c:228:3:228:14 | v1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:222:8:222:9 | p2 | pointer base type short | +| test.c:256:3:256:12 | (int *)... | test.c:252:16:252:18 | & ... | test.c:256:3:256:12 | ps1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:252:16:252:18 | & ... | address-of expression | +| test.c:257:3:257:12 | (int *)... | test.c:257:3:257:12 | & ... | test.c:257:3:257:12 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. 
| test.c:257:10:257:12 | & ... | address-of expression | From 8fdea498b1575f289798782c06aa500bbd9fc23c Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 7 Jul 2025 14:52:09 +0200 Subject: [PATCH 06/13] Convert MSC33-C to the new dataflow library As it is the dataflow used by `asctime` that is relevant, and not the pointer, use the indirect expression. --- .../DoNotPassInvalidDataToTheAsctimeFunction.ql | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/c/cert/src/rules/MSC33-C/DoNotPassInvalidDataToTheAsctimeFunction.ql b/c/cert/src/rules/MSC33-C/DoNotPassInvalidDataToTheAsctimeFunction.ql index 67fa83e85..6342bcbd6 100644 --- a/c/cert/src/rules/MSC33-C/DoNotPassInvalidDataToTheAsctimeFunction.ql +++ b/c/cert/src/rules/MSC33-C/DoNotPassInvalidDataToTheAsctimeFunction.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /** * The argument of a call to `asctime` @@ -29,6 +29,8 @@ class AsctimeArg extends Expr { this = any(FunctionCall f | f.getTarget().hasGlobalName(["asctime", "asctime_r"])).getArgument(0) } + + DataFlow::Node asSink() { this = result.asIndirectExpr() } } /** @@ -37,13 +39,13 @@ class AsctimeArg extends Expr { */ module TmStructSafeConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node src) { - src.asExpr() + src.asIndirectExpr() .(FunctionCall) .getTarget() .hasGlobalName(["localtime", "localtime_r", "localtime_s", "gmtime", "gmtime_r", "gmtime_s"]) } - predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof AsctimeArg } + predicate isSink(DataFlow::Node sink) { exists(AsctimeArg arg | arg.asSink() = sink) } } module TmStructSafeFlow = DataFlow::Global; 
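Review bot: The added member predicate `asSink()` on `AsctimeArg` has no QLDoc, and its name does not say that it yields the indirection node (the `struct tm` the argument points to) rather than the node for the pointer argument itself. I would put `/** Gets the data-flow node for the object this argument points to, which is the data asctime reads. */` directly above it. The class header and its own doc comment start before this hunk, so only the new predicate is in view here.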
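Review bot: `isSource` in `TmStructSafeConfig` models only the indirection of the value returned by the `localtime`/`gmtime` family, so a `struct tm` filled through the output argument of `localtime_r`, `gmtime_r`, `localtime_s` or `gmtime_s` is presumably not treated as safe when the caller ignores the return value and passes its own buffer to `asctime`. That errs on the side of reporting, but it is worth a QLDoc line on `isSource` stating the limitation, or an extra disjunct such as `or src.asDefiningArgument() = any(FunctionCall f | f.getTarget().hasGlobalName(["localtime_r", "gmtime_r"])).getArgument(1)`. The `_s` variants would need their argument position confirmed first. This patch changes only the `.ql` file, so no expected output is in view to show how the out-parameter pattern behaves after the conversion.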
@@ -51,6 +53,6 @@ module TmStructSafeFlow = DataFlow::Global; from AsctimeArg fc where not isExcluded(fc, Contracts7Package::doNotPassInvalidDataToTheAsctimeFunctionQuery()) and - not TmStructSafeFlow::flowToExpr(fc) + not TmStructSafeFlow::flowTo(fc.asSink()) select fc, "The function `asctime` and `asctime_r` should be discouraged. Unsanitized input can overflow the output buffer." From 3289621c7375cec7a97c13bb300d68c041364b46 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 7 Jul 2025 15:07:39 +0200 Subject: [PATCH 07/13] Convert MSC51-CPP to the new dataflow library --- .../src/rules/MSC51-CPP/BadlySeededRandomNumberGenerator.ql | 2 +- .../rules/MSC51-CPP/BadlySeededRandomNumberGenerator.expected | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/cpp/cert/src/rules/MSC51-CPP/BadlySeededRandomNumberGenerator.ql b/cpp/cert/src/rules/MSC51-CPP/BadlySeededRandomNumberGenerator.ql index 5322fbbde..2c015aa68 100644 --- a/cpp/cert/src/rules/MSC51-CPP/BadlySeededRandomNumberGenerator.ql +++ b/cpp/cert/src/rules/MSC51-CPP/BadlySeededRandomNumberGenerator.ql @@ -20,7 +20,7 @@ import cpp import codingstandards.cpp.cert import codingstandards.cpp.standardlibrary.Random -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking from RandomNumberEngineCreation createRandomNumberEngine, string seedSource where diff --git a/cpp/cert/test/rules/MSC51-CPP/BadlySeededRandomNumberGenerator.expected b/cpp/cert/test/rules/MSC51-CPP/BadlySeededRandomNumberGenerator.expected index 606ccbff2..0128221ff 100644 --- a/cpp/cert/test/rules/MSC51-CPP/BadlySeededRandomNumberGenerator.expected +++ b/cpp/cert/test/rules/MSC51-CPP/BadlySeededRandomNumberGenerator.expected 
@@ -1,4 +1,3 @@ -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (BadlySeededRandomNumberGenerator.ql:42,7-20) | test.cpp:9:33:9:33 | call to linear_congruential_engine | Random number generator linear_congruential_engine is default-initialized and is therefore not properly seeded. | | test.cpp:10:30:10:31 | call to linear_congruential_engine | Random number generator linear_congruential_engine is default-initialized and is therefore not properly seeded. | | test.cpp:11:21:11:22 | call to linear_congruential_engine | Random number generator linear_congruential_engine is default-initialized and is therefore not properly seeded. | From d20cd3a98c692313435cb0ba0fb44c1fcdd1898e Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 7 Jul 2025 15:16:22 +0200 Subject: [PATCH 08/13] Convert CTR56-CPP to the new dataflow library --- .../DoNotUsePointerArithmeticOnPolymorphicObjects.ql | 2 +- ...DoNotUsePointerArithmeticOnPolymorphicObjects.expected | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/cpp/cert/src/rules/CTR56-CPP/DoNotUsePointerArithmeticOnPolymorphicObjects.ql b/cpp/cert/src/rules/CTR56-CPP/DoNotUsePointerArithmeticOnPolymorphicObjects.ql index b4ac26722..2522f6c5e 100644 --- a/cpp/cert/src/rules/CTR56-CPP/DoNotUsePointerArithmeticOnPolymorphicObjects.ql +++ b/cpp/cert/src/rules/CTR56-CPP/DoNotUsePointerArithmeticOnPolymorphicObjects.ql @@ -18,7 +18,7 @@ import cpp import codingstandards.cpp.cert -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import NonFinalClassToPointerArithmeticExprFlow::PathGraph class ArrayAccessOrPointerArith extends Expr { diff --git a/cpp/cert/test/rules/CTR56-CPP/DoNotUsePointerArithmeticOnPolymorphicObjects.expected b/cpp/cert/test/rules/CTR56-CPP/DoNotUsePointerArithmeticOnPolymorphicObjects.expected index 51ef13412..1477f314a 100644 --- a/cpp/cert/test/rules/CTR56-CPP/DoNotUsePointerArithmeticOnPolymorphicObjects.expected 
+++ b/cpp/cert/test/rules/CTR56-CPP/DoNotUsePointerArithmeticOnPolymorphicObjects.expected @@ -1,13 +1,11 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnPolymorphicObjects.ql:46,62-70) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnPolymorphicObjects.ql:47,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnPolymorphicObjects.ql:56,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnPolymorphicObjects.ql:62,3-11) edges | test.cpp:15:19:15:21 | foo | test.cpp:16:24:16:26 | foo | provenance | | | test.cpp:15:19:15:21 | foo | test.cpp:16:51:16:53 | foo | provenance | | | test.cpp:27:19:27:21 | foo | test.cpp:29:18:29:20 | foo | provenance | | +| test.cpp:40:12:40:19 | new | test.cpp:40:12:40:19 | new | provenance | | | test.cpp:40:12:40:19 | new | test.cpp:43:6:43:7 | l1 | provenance | | | test.cpp:40:12:40:19 | new | test.cpp:44:6:44:7 | l1 | provenance | | +| test.cpp:42:12:42:14 | & ... | test.cpp:42:12:42:14 | & ... | provenance | | | test.cpp:42:12:42:14 | & ... | test.cpp:45:6:45:7 | l3 | provenance | | | test.cpp:42:12:42:14 | & ... | test.cpp:46:6:46:7 | l3 | provenance | | | test.cpp:43:6:43:7 | l1 | test.cpp:15:19:15:21 | foo | provenance | | @@ -21,6 +19,8 @@ nodes | test.cpp:27:19:27:21 | foo | semmle.label | foo | | test.cpp:29:18:29:20 | foo | semmle.label | foo | | test.cpp:40:12:40:19 | new | semmle.label | new | +| test.cpp:40:12:40:19 | new | semmle.label | new | +| test.cpp:42:12:42:14 | & ... | semmle.label | & ... | | test.cpp:42:12:42:14 | & ... | semmle.label | & ... | | test.cpp:43:6:43:7 | l1 | semmle.label | l1 | | test.cpp:44:6:44:7 | l1 | semmle.label | l1 | From 77e8e0ebfd842acd21f043d8c8fad519853c1528 Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Mon, 7 Jul 2025 15:26:34 +0200 Subject: [PATCH 09/13] Convert EXP51-CPP ot use the new dataflow library --- ...DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.ql | 2 +- ...eleteAnArrayThroughAPointerOfTheIncorrectType.expected | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/cpp/cert/src/rules/EXP51-CPP/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.ql b/cpp/cert/src/rules/EXP51-CPP/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.ql index d0935cc79..32e3460e0 100644 --- a/cpp/cert/src/rules/EXP51-CPP/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.ql +++ b/cpp/cert/src/rules/EXP51-CPP/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.ql @@ -18,7 +18,7 @@ import cpp import codingstandards.cpp.cert -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import AllocationToDeleteFlow::PathGraph module AllocationToDeleteConfig implements DataFlow::ConfigSig { diff --git a/cpp/cert/test/rules/EXP51-CPP/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.expected b/cpp/cert/test/rules/EXP51-CPP/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.expected index 8b7a4902c..a9d3df2d2 100644 --- a/cpp/cert/test/rules/EXP51-CPP/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.expected +++ b/cpp/cert/test/rules/EXP51-CPP/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.expected 
@@ -1,12 +1,12 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.ql:24,44-52) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.ql:25,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.ql:27,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.ql:32,33-41) edges +| test.cpp:6:19:6:37 | new[] | test.cpp:6:19:6:37 | new[] | provenance | | | test.cpp:6:19:6:37 | new[] | test.cpp:9:12:9:13 | l1 | provenance | | +| test.cpp:7:22:7:40 | new[] | test.cpp:7:22:7:40 | new[] | provenance | | | test.cpp:7:22:7:40 | new[] | test.cpp:10:12:10:13 | l2 | provenance | | nodes | test.cpp:6:19:6:37 | new[] | semmle.label | new[] | +| test.cpp:6:19:6:37 | new[] | semmle.label | new[] | +| test.cpp:7:22:7:40 | new[] | semmle.label | new[] | | test.cpp:7:22:7:40 | new[] | semmle.label | new[] | | test.cpp:9:12:9:13 | l1 | semmle.label | l1 | | test.cpp:10:12:10:13 | l2 | semmle.label | l2 | From 57b6091c6165d210a4590ab8c4661fbe53ea908d Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 7 Jul 2025 15:32:52 +0200 Subject: [PATCH 10/13] Conver M3-9-3 to use the new dataflow library --- .../UnderlyingBitRepresentationsOfFloatingPointValuesUsed.ql | 2 +- ...erlyingBitRepresentationsOfFloatingPointValuesUsed.expected | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/cpp/autosar/src/rules/M3-9-3/UnderlyingBitRepresentationsOfFloatingPointValuesUsed.ql b/cpp/autosar/src/rules/M3-9-3/UnderlyingBitRepresentationsOfFloatingPointValuesUsed.ql index 279ad08f3..820efffae 100644 --- a/cpp/autosar/src/rules/M3-9-3/UnderlyingBitRepresentationsOfFloatingPointValuesUsed.ql 
+++ b/cpp/autosar/src/rules/M3-9-3/UnderlyingBitRepresentationsOfFloatingPointValuesUsed.ql @@ -14,7 +14,7 @@ import cpp import codingstandards.cpp.autosar -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow predicate pointeeIsModified(PointerDereferenceExpr e, Expr m) { exists(Assignment a | a.getLValue() = e and m = a) diff --git a/cpp/autosar/test/rules/M3-9-3/UnderlyingBitRepresentationsOfFloatingPointValuesUsed.expected b/cpp/autosar/test/rules/M3-9-3/UnderlyingBitRepresentationsOfFloatingPointValuesUsed.expected index d0fe6416c..9aec2314d 100644 --- a/cpp/autosar/test/rules/M3-9-3/UnderlyingBitRepresentationsOfFloatingPointValuesUsed.expected +++ b/cpp/autosar/test/rules/M3-9-3/UnderlyingBitRepresentationsOfFloatingPointValuesUsed.expected @@ -1,5 +1,2 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UnderlyingBitRepresentationsOfFloatingPointValuesUsed.ql:27,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UnderlyingBitRepresentationsOfFloatingPointValuesUsed.ql:36,10-18) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UnderlyingBitRepresentationsOfFloatingPointValuesUsed.ql:37,5-13) | test.cpp:5:3:5:20 | ... &= ... | Modification of bit-representation of float originated at $@ | test.cpp:4:24:4:60 | reinterpret_cast... | cast | | test.cpp:12:3:12:14 | ... &= ... | Modification of bit-representation of float originated at $@ | test.cpp:11:18:11:30 | (uint8_t *)... | cast | From 357ee08e35bcc4771bd1282c2217b6858dc4ae12 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 7 Jul 2025 15:42:37 +0200 Subject: [PATCH 11/13] Convert A9-3-1 to use the new dataflow library --- ...sNonConstRawPointersOrReferencesToPrivateOrProtectedData.ql | 2 +- ...nstRawPointersOrReferencesToPrivateOrProtectedData.expected | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) 
diff --git a/cpp/autosar/src/rules/A9-3-1/ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.ql b/cpp/autosar/src/rules/A9-3-1/ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.ql index 478f8dcdf..458382c90 100644 --- a/cpp/autosar/src/rules/A9-3-1/ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.ql +++ b/cpp/autosar/src/rules/A9-3-1/ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.ql @@ -15,7 +15,7 @@ import cpp import codingstandards.cpp.autosar import codingstandards.cpp.CommonTypes as CommonTypes -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow class AccessAwareMemberFunction extends MemberFunction { Class c; diff --git a/cpp/autosar/test/rules/A9-3-1/ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.expected b/cpp/autosar/test/rules/A9-3-1/ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.expected index 70892c12c..04c1f35a4 100644 --- a/cpp/autosar/test/rules/A9-3-1/ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.expected +++ b/cpp/autosar/test/rules/A9-3-1/ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.expected 
@@ -1,6 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.ql:73,3-11) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.ql:73,23-31) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.ql:73,46-54) | test.cpp:20:8:20:12 | getB2 | Member function A::getB2 $@ a non-const raw pointer or reference to a private or protected $@. | test.cpp:20:25:20:25 | b | returns | test.cpp:54:7:54:7 | b | field | | test.cpp:22:8:22:12 | getB3 | Member function A::getB3 $@ a non-const raw pointer or reference to a private or protected $@. | test.cpp:22:25:22:26 | & ... | returns | test.cpp:54:7:54:7 | b | field | | test.cpp:24:8:24:13 | getB33 | Member function A::getB33 $@ a non-const raw pointer or reference to a private or protected $@. | test.cpp:26:12:26:13 | bb | returns | test.cpp:54:7:54:7 | b | field | From 30114c5c7fde78d9c1a7368245c070c302674739 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 7 Jul 2025 15:51:49 +0200 Subject: [PATCH 12/13] Convert A27-0-4 to use the new dataflow library --- cpp/autosar/src/rules/A27-0-4/CStyleStringsUsed.ql | 2 +- cpp/autosar/test/rules/A27-0-4/CStyleStringsUsed.expected | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/cpp/autosar/src/rules/A27-0-4/CStyleStringsUsed.ql b/cpp/autosar/src/rules/A27-0-4/CStyleStringsUsed.ql index b24a4a96c..5ad2e9ee0 100644 --- a/cpp/autosar/src/rules/A27-0-4/CStyleStringsUsed.ql +++ b/cpp/autosar/src/rules/A27-0-4/CStyleStringsUsed.ql @@ -14,7 +14,7 @@ import cpp import codingstandards.cpp.autosar -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow class InstanceOfCStyleString extends Expr { InstanceOfCStyleString() { 
diff --git a/cpp/autosar/test/rules/A27-0-4/CStyleStringsUsed.expected b/cpp/autosar/test/rules/A27-0-4/CStyleStringsUsed.expected index 555cb412b..6184aad74 100644 --- a/cpp/autosar/test/rules/A27-0-4/CStyleStringsUsed.expected +++ b/cpp/autosar/test/rules/A27-0-4/CStyleStringsUsed.expected @@ -1,6 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (CStyleStringsUsed.ql:39,3-11) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (CStyleStringsUsed.ql:39,23-31) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (CStyleStringsUsed.ql:39,47-55) | test.cpp:7:20:7:27 | CodeQL | Usage of C-style string in $@. | test.cpp:7:20:7:27 | CodeQL | expression | | test.cpp:7:20:7:27 | CodeQL | Usage of C-style string in $@. | test.cpp:16:16:16:17 | a1 | expression | | test.cpp:8:22:8:26 | call to c_str | Usage of C-style string in $@. | test.cpp:8:22:8:26 | call to c_str | expression | From d313bf27b4c1767778e70a91371305ba48f06a76 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 7 Jul 2025 15:54:04 +0200 Subject: [PATCH 13/13] Convert A5-0-4 to use the new dataflow library --- .../PointerArithmeticUsedWithPointersToNonFinalClasses.ql | 2 +- ...erArithmeticUsedWithPointersToNonFinalClasses.expected | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/cpp/autosar/src/rules/A5-0-4/PointerArithmeticUsedWithPointersToNonFinalClasses.ql b/cpp/autosar/src/rules/A5-0-4/PointerArithmeticUsedWithPointersToNonFinalClasses.ql index ac2375f6a..eb818204b 100644 --- a/cpp/autosar/src/rules/A5-0-4/PointerArithmeticUsedWithPointersToNonFinalClasses.ql +++ b/cpp/autosar/src/rules/A5-0-4/PointerArithmeticUsedWithPointersToNonFinalClasses.ql 
@@ -17,7 +17,7 @@ import cpp import codingstandards.cpp.autosar import codingstandards.cpp.Type -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import NonFinalClassToPointerArithmeticExprFlow::PathGraph class ArrayAccessOrPointerArith extends Expr { diff --git a/cpp/autosar/test/rules/A5-0-4/PointerArithmeticUsedWithPointersToNonFinalClasses.expected b/cpp/autosar/test/rules/A5-0-4/PointerArithmeticUsedWithPointersToNonFinalClasses.expected index e2b51e5fb..fc29955b2 100644 --- a/cpp/autosar/test/rules/A5-0-4/PointerArithmeticUsedWithPointersToNonFinalClasses.expected +++ b/cpp/autosar/test/rules/A5-0-4/PointerArithmeticUsedWithPointersToNonFinalClasses.expected 
@@ -1,13 +1,11 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (PointerArithmeticUsedWithPointersToNonFinalClasses.ql:45,62-70) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (PointerArithmeticUsedWithPointersToNonFinalClasses.ql:46,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (PointerArithmeticUsedWithPointersToNonFinalClasses.ql:55,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (PointerArithmeticUsedWithPointersToNonFinalClasses.ql:61,3-11) edges | test.cpp:10:18:10:20 | foo | test.cpp:11:23:11:25 | foo | provenance | | | test.cpp:10:18:10:20 | foo | test.cpp:11:50:11:52 | foo | provenance | | | test.cpp:22:18:22:20 | foo | test.cpp:24:18:24:20 | foo | provenance | | +| test.cpp:35:11:35:17 | new | test.cpp:35:11:35:17 | new | provenance | | | test.cpp:35:11:35:17 | new | test.cpp:38:6:38:7 | l1 | provenance | | | test.cpp:35:11:35:17 | new | test.cpp:39:6:39:7 | l1 | provenance | | +| test.cpp:37:11:37:13 | & ... | test.cpp:37:11:37:13 | & ... | provenance | | | test.cpp:37:11:37:13 | & ... | test.cpp:40:6:40:7 | l3 | provenance | | | test.cpp:37:11:37:13 | & ... | test.cpp:41:6:41:7 | l3 | provenance | | | test.cpp:38:6:38:7 | l1 | test.cpp:10:18:10:20 | foo | provenance | | @@ -21,6 +19,8 @@ nodes | test.cpp:22:18:22:20 | foo | semmle.label | foo | | test.cpp:24:18:24:20 | foo | semmle.label | foo | | test.cpp:35:11:35:17 | new | semmle.label | new | +| test.cpp:35:11:35:17 | new | semmle.label | new | +| test.cpp:37:11:37:13 | & ... | semmle.label | & ... | | test.cpp:37:11:37:13 | & ... | semmle.label | & ... | | test.cpp:38:6:38:7 | l1 | semmle.label | l1 | | test.cpp:39:6:39:7 | l1 | semmle.label | l1 |