diff --git a/c/cert/src/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.ql b/c/cert/src/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.ql index 1356777e5f..9fd4aae3b4 100644 --- a/c/cert/src/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.ql +++ b/c/cert/src/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.ql @@ -20,7 +20,7 @@ import cpp import codingstandards.c.cert import codingstandards.cpp.Overflow -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking /** * Gets the maximum size (in bytes) a variable-length array diff --git a/c/cert/src/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.ql b/c/cert/src/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.ql index 2e1064ee9d..3cbcb30113 100644 --- a/c/cert/src/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.ql +++ b/c/cert/src/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert import codingstandards.c.Objects -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow class Source extends Expr { ObjectIdentity rootObject; @@ -34,7 +34,7 @@ class Sink extends DataFlow::Node { Sink() { //output parameter exists(Parameter f | - f.getAnAccess() = this.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr() and + this.isFinalValueOfParameter(f) and f.getUnderlyingType() instanceof PointerType ) or diff --git a/c/cert/src/rules/ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.ql b/c/cert/src/rules/ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.ql index 146d0cb30f..3686895c79 100644 --- a/c/cert/src/rules/ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.ql +++ b/c/cert/src/rules/ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.ql @@ -20,7 +20,7 @@ import codingstandards.c.cert import codingstandards.c.Errno import codingstandards.c.Signal import semmle.code.cpp.controlflow.Guards -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /** * A check on `signal` call return value diff --git a/c/cert/src/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.ql b/c/cert/src/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.ql index 5e473b226e..f41222999c 100644 --- a/c/cert/src/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.ql +++ b/c/cert/src/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.ql @@ -20,7 +20,7 @@ import cpp import codingstandards.c.cert import semmle.code.cpp.commons.NULL import codingstandards.cpp.ReadErrorsAndEOF -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow ComparisonOperation getAValidComparison(string spec) { spec = "=0" and result.(EqualityOperation).getAnOperand().getValue() = "0" diff --git a/c/cert/src/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.ql b/c/cert/src/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.ql index 6d223dab72..cea415350c 100644 --- a/c/cert/src/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.ql +++ b/c/cert/src/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.ql @@ -18,7 +18,7 @@ import cpp import codingstandards.c.cert -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import SuspectFunctionPointerToCallFlow::PathGraph /** @@ -61,7 +61,8 @@ where not isExcluded(src.getNode().asExpr(), ExpressionsPackage::doNotCallFunctionPointerWithIncompatibleTypeQuery()) and access = src.getNode().asExpr() and - SuspectFunctionPointerToCallFlow::flowPath(src, sink) + SuspectFunctionPointerToCallFlow::flowPath(src, sink) and + not access.getType() = sink.getNode().asExpr().getFullyConverted().getType() select src, src, sink, "Incompatible function $@ assigned to function pointer is eventually called through the pointer.", access.getTarget(), access.getTarget().getName() diff --git a/c/cert/src/rules/EXP40-C/DoNotModifyConstantObjects.ql b/c/cert/src/rules/EXP40-C/DoNotModifyConstantObjects.ql index 9d8e4b16d4..49b65091f1 100644 --- a/c/cert/src/rules/EXP40-C/DoNotModifyConstantObjects.ql +++ b/c/cert/src/rules/EXP40-C/DoNotModifyConstantObjects.ql @@ -17,7 +17,7 @@ import cpp import codingstandards.c.cert -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import CastFlow::PathGraph import codingstandards.cpp.SideEffect diff --git a/c/cert/src/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql b/c/cert/src/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql index bc0a417bd0..700aaf2cf5 100644 --- a/c/cert/src/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql +++ b/c/cert/src/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql @@ -17,7 +17,7 @@ import cpp import codingstandards.c.cert -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow class FgetposCall extends FunctionCall { FgetposCall() { this.getTarget().hasGlobalOrStdName("fgetpos") } @@ -30,12 +30,12 @@ class FsetposCall extends FunctionCall { module FposDFConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { // source must be the second parameter of a FgetposCall call - source = DataFlow::definitionByReferenceNodeFromArgument(any(FgetposCall c).getArgument(1)) + source.asDefiningArgument() = any(FgetposCall c).getArgument(1) } predicate isSink(DataFlow::Node sink) { // sink must be the second parameter of a FsetposCall call - sink.asExpr() = any(FsetposCall c).getArgument(1) + sink.asIndirectExpr() = any(FsetposCall c).getArgument(1) } } @@ -45,6 +45,6 @@ from FsetposCall fsetpos where not isExcluded(fsetpos.getArgument(1), IO2Package::onlyUseValuesForFsetposThatAreReturnedFromFgetposQuery()) and - not FposDFFlow::flowToExpr(fsetpos.getArgument(1)) + not exists(DataFlow::Node n | n.asIndirectExpr() = fsetpos.getArgument(1) | FposDFFlow::flowTo(n)) select fsetpos.getArgument(1), "The position argument of a call to `fsetpos()` should be obtained from a call to `fgetpos()`." diff --git a/c/cert/src/rules/MEM35-C/InsufficientMemoryAllocatedForObject.ql b/c/cert/src/rules/MEM35-C/InsufficientMemoryAllocatedForObject.ql index 06fd267560..2f937607e3 100644 --- a/c/cert/src/rules/MEM35-C/InsufficientMemoryAllocatedForObject.ql +++ b/c/cert/src/rules/MEM35-C/InsufficientMemoryAllocatedForObject.ql @@ -21,7 +21,7 @@ import cpp import codingstandards.c.cert import codingstandards.cpp.Overflow import semmle.code.cpp.controlflow.Guards -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import semmle.code.cpp.models.Models /** diff --git a/c/cert/src/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.ql b/c/cert/src/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.ql index 90c34a44a2..e6d7cfe07d 100644 --- a/c/cert/src/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.ql +++ b/c/cert/src/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.ql @@ -20,7 +20,7 @@ import cpp import codingstandards.c.cert import codingstandards.cpp.Alignment -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import AlignedAllocToReallocFlow::PathGraph int getStatedValue(Expr e) { diff --git a/c/cert/src/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql b/c/cert/src/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql index 4cc0f9e32c..dfa0e5d199 100644 --- a/c/cert/src/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql +++ b/c/cert/src/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert import codingstandards.c.Signal -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /** * Does not access an external variable except diff --git a/c/cert/src/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.ql b/c/cert/src/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.ql index bd65019f98..b00fb33844 100644 --- a/c/cert/src/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.ql +++ b/c/cert/src/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert import codingstandards.c.Signal -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /** * CFG nodes preceeding a `ReturnStmt` diff --git a/c/cert/test/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.expected b/c/cert/test/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.expected index 1617571bbe..25153f195b 100644 --- a/c/cert/test/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.expected +++ b/c/cert/test/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.expected @@ -1,5 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (VariableLengthArraySizeNotInValidRange.ql:110,11-19) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (VariableLengthArraySizeNotInValidRange.ql:93,5-18) | test.c:14:8:14:8 | VLA declaration | Variable-length array dimension size may be in an invalid range. | | test.c:15:8:15:8 | VLA declaration | Variable-length array dimension size may be in an invalid range. | | test.c:16:8:16:8 | VLA declaration | Variable-length array dimension size may be in an invalid range. | diff --git a/c/cert/test/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.expected b/c/cert/test/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.expected index a4359d7000..e193e8c8eb 100644 --- a/c/cert/test/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.expected +++ b/c/cert/test/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.expected @@ -1,7 +1,2 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateStorageDurationsFunctionReturn.ql:33,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateStorageDurationsFunctionReturn.ql:37,31-39) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateStorageDurationsFunctionReturn.ql:50,6-14) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateStorageDurationsFunctionReturn.ql:50,26-34) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateStorageDurationsFunctionReturn.ql:56,3-11) | test.c:3:10:3:10 | a | $@ with automatic storage may be accessible outside of its lifetime. | test.c:3:10:3:10 | a | a | -| test.c:15:4:15:8 | param [inner post update] | $@ with automatic storage may be accessible outside of its lifetime. | test.c:15:12:15:13 | a2 | a2 | +| test.c:12:16:12:20 | *param | $@ with automatic storage may be accessible outside of its lifetime. | test.c:15:12:15:13 | a2 | a2 | diff --git a/c/cert/test/rules/ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.expected b/c/cert/test/rules/ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.expected index b79a17ca35..da9122cfd4 100644 --- a/c/cert/test/rules/ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.expected +++ b/c/cert/test/rules/ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.expected @@ -1,7 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotRelyOnIndeterminateValuesOfErrno.ql:56,7-15) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotRelyOnIndeterminateValuesOfErrno.ql:56,27-35) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotRelyOnIndeterminateValuesOfErrno.ql:57,9-17) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotRelyOnIndeterminateValuesOfErrno.ql:60,9-17) | test.c:12:5:12:10 | call to perror | `errno` has indeterminate value after this $@. | test.c:10:21:10:26 | call to signal | call to signal | | test.c:30:5:30:10 | call to perror | `errno` has indeterminate value after this $@. | test.c:26:21:26:26 | call to signal | call to signal | | test.c:49:5:49:10 | call to perror | `errno` has indeterminate value after this $@. | test.c:45:21:45:26 | call to signal | call to signal | diff --git a/c/cert/test/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.expected b/c/cert/test/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.expected index f4006c013e..fbcc44b856 100644 --- a/c/cert/test/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.expected +++ b/c/cert/test/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.expected @@ -1,4 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleStandardLibraryErrors.ql:459,5-13) | test.c:18:3:18:11 | call to setlocale | Missing error detection for the call to function `setlocale`. | | test.c:24:23:24:31 | call to setlocale | Missing error detection for the call to function `setlocale`. | | test.c:29:22:29:27 | call to calloc | Missing error detection for the call to function `calloc`. | diff --git a/c/cert/test/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.expected b/c/cert/test/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.expected index 8daaf8361a..aa5018cdb9 100644 --- a/c/cert/test/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.expected +++ b/c/cert/test/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.expected @@ -1,28 +1,40 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCallFunctionPointerWithIncompatibleType.ql:45,54-62) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCallFunctionPointerWithIncompatibleType.ql:46,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCallFunctionPointerWithIncompatibleType.ql:50,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCallFunctionPointerWithIncompatibleType.ql:55,43-51) edges -| test.c:48:68:48:70 | fns [f1] | test.c:49:3:49:5 | fns [f1] | provenance | | -| test.c:49:3:49:5 | fns [f1] | test.c:49:8:49:9 | f1 | provenance | | -| test.c:61:28:61:29 | f2 | test.c:62:3:62:11 | v1_called | provenance | | -| test.c:73:3:73:5 | fns [post update] [f1] | test.c:75:45:75:48 | & ... [f1] | provenance | | -| test.c:73:3:73:13 | ... = ... | test.c:73:3:73:5 | fns [post update] [f1] | provenance | | +| test.c:48:68:48:70 | *fns [f1] | test.c:49:3:49:5 | *fns [f1] | provenance | | +| test.c:48:68:48:70 | *fns [f2] | test.c:50:3:50:5 | *fns [f2] | provenance | | +| test.c:49:3:49:5 | *fns [f1] | test.c:49:8:49:9 | f1 | provenance | | +| test.c:50:3:50:5 | *fns [f2] | test.c:50:8:50:9 | f2 | provenance | | +| test.c:61:3:61:29 | ... = ... | test.c:62:3:62:11 | v1_called | provenance | | +| test.c:61:15:61:29 | f2 | test.c:61:3:61:29 | ... = ... | provenance | | +| test.c:73:3:73:5 | *fns [post update] [f1] | test.c:74:3:74:5 | *fns [f1] | provenance | | +| test.c:73:3:73:13 | ... = ... | test.c:73:3:73:5 | *fns [post update] [f1] | provenance | | | test.c:73:12:73:13 | v2 | test.c:73:3:73:13 | ... = ... | provenance | | -| test.c:75:45:75:48 | & ... [f1] | test.c:48:68:48:70 | fns [f1] | provenance | | +| test.c:73:12:73:13 | v2 | test.c:74:3:74:13 | ... = ... | provenance | | +| test.c:74:3:74:5 | *fns [f1] | test.c:75:45:75:48 | *& ... [f1] | provenance | | +| test.c:74:3:74:5 | *fns [post update] [f2] | test.c:75:45:75:48 | *& ... [f2] | provenance | | +| test.c:74:3:74:13 | ... = ... | test.c:74:3:74:5 | *fns [post update] [f2] | provenance | | +| test.c:75:45:75:48 | *& ... [f1] | test.c:48:68:48:70 | *fns [f1] | provenance | | +| test.c:75:45:75:48 | *& ... [f2] | test.c:48:68:48:70 | *fns [f2] | provenance | | nodes -| test.c:48:68:48:70 | fns [f1] | semmle.label | fns [f1] | -| test.c:49:3:49:5 | fns [f1] | semmle.label | fns [f1] | +| test.c:48:68:48:70 | *fns [f1] | semmle.label | *fns [f1] | +| test.c:48:68:48:70 | *fns [f2] | semmle.label | *fns [f2] | +| test.c:49:3:49:5 | *fns [f1] | semmle.label | *fns [f1] | | test.c:49:8:49:9 | f1 | semmle.label | f1 | -| test.c:61:28:61:29 | f2 | semmle.label | f2 | +| test.c:50:3:50:5 | *fns [f2] | semmle.label | *fns [f2] | +| test.c:50:8:50:9 | f2 | semmle.label | f2 | +| test.c:61:3:61:29 | ... = ... | semmle.label | ... = ... | +| test.c:61:15:61:29 | f2 | semmle.label | f2 | | test.c:62:3:62:11 | v1_called | semmle.label | v1_called | -| test.c:70:9:70:17 | v3_called | semmle.label | v3_called | -| test.c:73:3:73:5 | fns [post update] [f1] | semmle.label | fns [post update] [f1] | +| test.c:70:4:70:17 | v3_called | semmle.label | v3_called | +| test.c:73:3:73:5 | *fns [post update] [f1] | semmle.label | *fns [post update] [f1] | | test.c:73:3:73:13 | ... = ... | semmle.label | ... = ... | | test.c:73:12:73:13 | v2 | semmle.label | v2 | -| test.c:75:45:75:48 | & ... [f1] | semmle.label | & ... [f1] | +| test.c:74:3:74:5 | *fns [f1] | semmle.label | *fns [f1] | +| test.c:74:3:74:5 | *fns [post update] [f2] | semmle.label | *fns [post update] [f2] | +| test.c:74:3:74:13 | ... = ... | semmle.label | ... = ... | +| test.c:75:45:75:48 | *& ... [f1] | semmle.label | *& ... [f1] | +| test.c:75:45:75:48 | *& ... [f2] | semmle.label | *& ... [f2] | subpaths #select -| test.c:61:28:61:29 | f2 | test.c:61:28:61:29 | f2 | test.c:62:3:62:11 | v1_called | Incompatible function $@ assigned to function pointer is eventually called through the pointer. | test.c:41:13:41:14 | f2 | f2 | -| test.c:70:9:70:17 | v3_called | test.c:70:9:70:17 | v3_called | test.c:70:9:70:17 | v3_called | Incompatible function $@ assigned to function pointer is eventually called through the pointer. | test.c:58:7:58:15 | v3_called | v3_called | +| test.c:61:15:61:29 | f2 | test.c:61:15:61:29 | f2 | test.c:62:3:62:11 | v1_called | Incompatible function $@ assigned to function pointer is eventually called through the pointer. | test.c:41:13:41:14 | f2 | f2 | +| test.c:70:4:70:17 | v3_called | test.c:70:4:70:17 | v3_called | test.c:70:4:70:17 | v3_called | Incompatible function $@ assigned to function pointer is eventually called through the pointer. | test.c:58:7:58:15 | v3_called | v3_called | | test.c:73:12:73:13 | v2 | test.c:73:12:73:13 | v2 | test.c:49:8:49:9 | f1 | Incompatible function $@ assigned to function pointer is eventually called through the pointer. | test.c:56:7:56:8 | v2 | v2 | diff --git a/c/cert/test/rules/EXP40-C/DoNotModifyConstantObjects.expected b/c/cert/test/rules/EXP40-C/DoNotModifyConstantObjects.expected index 2ac874e770..9c668408a5 100644 --- a/c/cert/test/rules/EXP40-C/DoNotModifyConstantObjects.expected +++ b/c/cert/test/rules/EXP40-C/DoNotModifyConstantObjects.expected @@ -1,33 +1,40 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotModifyConstantObjects.ql:40,30-38) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotModifyConstantObjects.ql:41,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotModifyConstantObjects.ql:47,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotModifyConstantObjects.ql:52,19-27) edges -| test.c:5:8:5:9 | & ... | test.c:6:4:6:5 | aa | provenance | | -| test.c:26:15:26:15 | a | test.c:27:4:27:4 | a | provenance | | +| test.c:5:3:5:9 | ... = ... | test.c:6:3:6:5 | * ... | provenance | | +| test.c:5:8:5:9 | & ... | test.c:5:3:5:9 | ... = ... | provenance | | +| test.c:26:15:26:15 | a | test.c:27:3:27:4 | * ... | provenance | | +| test.c:34:13:34:14 | & ... | test.c:34:13:34:14 | & ... | provenance | | +| test.c:34:13:34:14 | & ... | test.c:37:3:37:10 | ... = ... | provenance | | | test.c:34:13:34:14 | & ... | test.c:39:7:39:8 | p1 | provenance | | +| test.c:37:3:37:10 | ... = ... | test.c:40:7:40:9 | * ... | provenance | | | test.c:39:7:39:8 | p1 | test.c:26:15:26:15 | a | provenance | | | test.c:40:7:40:9 | * ... | test.c:26:15:26:15 | a | provenance | | -| test.c:59:7:59:8 | & ... | test.c:60:4:60:4 | p | provenance | | -| test.c:79:11:79:16 | call to strchr | test.c:81:6:81:12 | ... ++ | provenance | | +| test.c:59:3:59:8 | ... = ... | test.c:60:3:60:4 | * ... | provenance | | +| test.c:59:7:59:8 | & ... | test.c:59:3:59:8 | ... = ... | provenance | | +| test.c:79:3:79:31 | ... = ... | test.c:81:5:81:12 | * ... | provenance | | +| test.c:79:11:79:16 | call to strchr | test.c:79:3:79:31 | ... = ... | provenance | | nodes +| test.c:5:3:5:9 | ... = ... | semmle.label | ... = ... | | test.c:5:8:5:9 | & ... | semmle.label | & ... | -| test.c:6:4:6:5 | aa | semmle.label | aa | +| test.c:6:3:6:5 | * ... | semmle.label | * ... | | test.c:26:15:26:15 | a | semmle.label | a | -| test.c:27:4:27:4 | a | semmle.label | a | +| test.c:27:3:27:4 | * ... | semmle.label | * ... | | test.c:34:13:34:14 | & ... | semmle.label | & ... | +| test.c:34:13:34:14 | & ... | semmle.label | & ... | +| test.c:37:3:37:10 | ... = ... | semmle.label | ... = ... | | test.c:39:7:39:8 | p1 | semmle.label | p1 | | test.c:40:7:40:9 | * ... | semmle.label | * ... | +| test.c:59:3:59:8 | ... = ... | semmle.label | ... = ... | | test.c:59:7:59:8 | & ... | semmle.label | & ... | -| test.c:60:4:60:4 | p | semmle.label | p | -| test.c:74:12:74:12 | s | semmle.label | s | +| test.c:60:3:60:4 | * ... | semmle.label | * ... | +| test.c:74:3:74:12 | * ... | semmle.label | * ... | +| test.c:79:3:79:31 | ... = ... | semmle.label | ... = ... | | test.c:79:11:79:16 | call to strchr | semmle.label | call to strchr | -| test.c:81:6:81:12 | ... ++ | semmle.label | ... ++ | +| test.c:81:5:81:12 | * ... | semmle.label | * ... | subpaths #select -| test.c:6:4:6:5 | aa | test.c:5:8:5:9 | & ... | test.c:6:4:6:5 | aa | Const variable assigned with non const-value. | -| test.c:27:4:27:4 | a | test.c:34:13:34:14 | & ... | test.c:27:4:27:4 | a | Const variable assigned with non const-value. | -| test.c:27:4:27:4 | a | test.c:40:7:40:9 | * ... | test.c:27:4:27:4 | a | Const variable assigned with non const-value. | -| test.c:60:4:60:4 | p | test.c:59:7:59:8 | & ... | test.c:60:4:60:4 | p | Const variable assigned with non const-value. | -| test.c:74:12:74:12 | s | test.c:74:12:74:12 | s | test.c:74:12:74:12 | s | Const variable assigned with non const-value. | -| test.c:81:6:81:12 | ... ++ | test.c:79:11:79:16 | call to strchr | test.c:81:6:81:12 | ... ++ | Const variable assigned with non const-value. | +| test.c:6:3:6:5 | * ... | test.c:5:8:5:9 | & ... | test.c:6:3:6:5 | * ... | Const variable assigned with non const-value. | +| test.c:27:3:27:4 | * ... | test.c:34:13:34:14 | & ... | test.c:27:3:27:4 | * ... | Const variable assigned with non const-value. | +| test.c:27:3:27:4 | * ... | test.c:40:7:40:9 | * ... | test.c:27:3:27:4 | * ... | Const variable assigned with non const-value. | +| test.c:60:3:60:4 | * ... | test.c:59:7:59:8 | & ... | test.c:60:3:60:4 | * ... | Const variable assigned with non const-value. | +| test.c:74:3:74:12 | * ... | test.c:74:3:74:12 | * ... | test.c:74:3:74:12 | * ... | Const variable assigned with non const-value. | +| test.c:81:5:81:12 | * ... | test.c:79:11:79:16 | call to strchr | test.c:81:5:81:12 | * ... | Const variable assigned with non const-value. | diff --git a/c/cert/test/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.expected b/c/cert/test/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.expected index ec05727161..8074710738 100644 --- a/c/cert/test/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.expected +++ b/c/cert/test/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.expected @@ -1,7 +1,2 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql:30,32-40) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql:31,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql:33,14-22) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql:36,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql:42,21-29) | test.c:7:24:7:30 | & ... | The position argument of a call to `fsetpos()` should be obtained from a call to `fgetpos()`. | | test.c:33:24:33:30 | & ... | The position argument of a call to `fsetpos()` should be obtained from a call to `fgetpos()`. | diff --git a/c/cert/test/rules/MEM35-C/InsufficientMemoryAllocatedForObject.expected b/c/cert/test/rules/MEM35-C/InsufficientMemoryAllocatedForObject.expected index 86bdeedf5f..30dece9299 100644 --- a/c/cert/test/rules/MEM35-C/InsufficientMemoryAllocatedForObject.expected +++ b/c/cert/test/rules/MEM35-C/InsufficientMemoryAllocatedForObject.expected @@ -1,5 +1,3 @@ -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (InsufficientMemoryAllocatedForObject.ql:90,5-18) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (InsufficientMemoryAllocatedForObject.ql:148,5-18) | test.c:12:19:12:24 | call to malloc | Allocation size (32 bytes) is not a multiple of the size of 'S1' (36 bytes). | test.c:12:26:12:32 | 32 | | | test.c:15:19:15:24 | call to malloc | Allocation size calculated from the size of a different type ($@). | test.c:15:26:15:35 | sizeof() | sizeof(S1 *) | | test.c:20:19:20:24 | call to malloc | Allocation size (128 bytes) is not a multiple of the size of 'S1' (36 bytes). | test.c:20:26:20:36 | ... * ... | | diff --git a/c/cert/test/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.expected b/c/cert/test/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.expected index 587ae786d1..6b71a8a76c 100644 --- a/c/cert/test/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.expected +++ b/c/cert/test/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.expected @@ -1,20 +1,23 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotModifyAlignmentOfMemoryWithRealloc.ql:31,36-44) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotModifyAlignmentOfMemoryWithRealloc.ql:45,47-55) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotModifyAlignmentOfMemoryWithRealloc.ql:46,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotModifyAlignmentOfMemoryWithRealloc.ql:50,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotModifyAlignmentOfMemoryWithRealloc.ql:55,36-44) edges -| test.c:5:10:5:22 | call to aligned_alloc | test.c:15:8:15:28 | call to aligned_alloc_wrapper | provenance | | +| test.c:4:7:4:27 | *aligned_alloc_wrapper | test.c:15:8:15:28 | call to aligned_alloc_wrapper | provenance | | +| test.c:5:10:5:22 | call to aligned_alloc | test.c:4:7:4:27 | *aligned_alloc_wrapper | provenance | | +| test.c:5:10:5:22 | call to aligned_alloc | test.c:5:10:5:22 | call to aligned_alloc | provenance | | | test.c:8:29:8:31 | ptr | test.c:8:64:8:66 | ptr | provenance | | -| test.c:15:8:15:28 | call to aligned_alloc_wrapper | test.c:16:24:16:25 | v1 | provenance | | +| test.c:15:3:15:36 | ... = ... | test.c:16:24:16:25 | v1 | provenance | | +| test.c:15:8:15:28 | call to aligned_alloc_wrapper | test.c:15:3:15:36 | ... = ... | provenance | | | test.c:16:24:16:25 | v1 | test.c:8:29:8:31 | ptr | provenance | | -| test.c:22:8:22:20 | call to aligned_alloc | test.c:23:16:23:17 | v3 | provenance | | +| test.c:22:3:22:28 | ... = ... | test.c:23:16:23:17 | v3 | provenance | | +| test.c:22:8:22:20 | call to aligned_alloc | test.c:22:3:22:28 | ... = ... | provenance | | nodes +| test.c:4:7:4:27 | *aligned_alloc_wrapper | semmle.label | *aligned_alloc_wrapper | +| test.c:5:10:5:22 | call to aligned_alloc | semmle.label | call to aligned_alloc | | test.c:5:10:5:22 | call to aligned_alloc | semmle.label | call to aligned_alloc | | test.c:8:29:8:31 | ptr | semmle.label | ptr | | test.c:8:64:8:66 | ptr | semmle.label | ptr | +| test.c:15:3:15:36 | ... = ... | semmle.label | ... = ... | | test.c:15:8:15:28 | call to aligned_alloc_wrapper | semmle.label | call to aligned_alloc_wrapper | | test.c:16:24:16:25 | v1 | semmle.label | v1 | +| test.c:22:3:22:28 | ... = ... | semmle.label | ... = ... | | test.c:22:8:22:20 | call to aligned_alloc | semmle.label | call to aligned_alloc | | test.c:23:16:23:17 | v3 | semmle.label | v3 | subpaths diff --git a/c/cert/test/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.expected b/c/cert/test/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.expected index 4898448814..a601fe63f4 100644 --- a/c/cert/test/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.expected +++ b/c/cert/test/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.expected @@ -1,6 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql:110,11-19) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql:110,31-39) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql:111,9-17) | test.c:10:3:10:18 | call to log_local_unsafe | Asyncronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:16:7:16:12 | call to signal | signal handler | | test.c:11:3:11:6 | call to free | Asyncronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:16:7:16:12 | call to signal | signal handler | | test.c:46:3:46:9 | call to longjmp | Asyncronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:50:7:50:12 | call to signal | signal handler | diff --git a/c/cert/test/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.expected b/c/cert/test/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.expected index fb78049d25..31412c466a 100644 --- a/c/cert/test/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.expected +++ b/c/cert/test/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.expected @@ -1,2 +1 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotReturnFromAComputationalExceptionHandler.ql:44,5-13) | test.c:10:1:10:1 | return ... | Do not return from a $@ signal handler. | test.c:13:10:13:15 | SIGFPE | computational exception | diff --git a/c/common/src/codingstandards/c/Signal.qll b/c/common/src/codingstandards/c/Signal.qll index 2a570b654f..2f7844ab11 100644 --- a/c/common/src/codingstandards/c/Signal.qll +++ b/c/common/src/codingstandards/c/Signal.qll @@ -1,5 +1,5 @@ import cpp -private import semmle.code.cpp.dataflow.DataFlow +private import semmle.code.cpp.dataflow.new.DataFlow /** * A signal corresponding to a computational exception diff --git a/c/misra/src/rules/RULE-13-2/UnsequencedAtomicReads.ql b/c/misra/src/rules/RULE-13-2/UnsequencedAtomicReads.ql index 86756668a8..b55f5ec16a 100644 --- a/c/misra/src/rules/RULE-13-2/UnsequencedAtomicReads.ql +++ b/c/misra/src/rules/RULE-13-2/UnsequencedAtomicReads.ql @@ -13,7 +13,7 @@ */ import cpp -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import codingstandards.c.misra import codingstandards.c.Ordering import codingstandards.c.orderofevaluation.VariableAccessOrdering diff --git a/c/misra/src/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.ql b/c/misra/src/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.ql index b487f5b9b5..f5f5e134fd 100644 --- a/c/misra/src/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.ql +++ b/c/misra/src/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.ql @@ -16,13 +16,13 @@ import cpp import codingstandards.c.misra import codingstandards.c.misra.EssentialTypes -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import NullTerminatedStringToMemcmpFlow::PathGraph // Data flow from a StringLiteral or from an array of characters, to a memcmp call module NullTerminatedStringToMemcmpConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - source.asExpr() instanceof StringLiteral + source.asIndirectExpr(1) instanceof StringLiteral or exists(Variable v, ArrayAggregateLiteral aal | aal = v.getInitializer().getExpr() and @@ -31,26 +31,14 @@ module NullTerminatedStringToMemcmpConfig implements DataFlow::ConfigSig { // Includes a null terminator somewhere in the array initializer aal.getAnElementExpr(_).getValue().toInt() = 0 | - // For local variables, use the array aggregate literal as the source aal = source.asExpr() - or - // ArrayAggregateLiterals used as initializers for global variables are not viable sources - // for global data flow, so we instead report variable accesses as sources, where the variable - // is constant or is not assigned in the program - v instanceof GlobalVariable and - source.asExpr() = v.getAnAccess() and - ( - v.isConst() - or - not exists(Expr e | e = v.getAnAssignedValue() and not e = aal) - ) ) } predicate isSink(DataFlow::Node sink) { exists(FunctionCall memcmp | memcmp.getTarget().hasGlobalOrStdName("memcmp") and - sink.asExpr() = memcmp.getArgument([0, 1]) + sink.asIndirectExpr() = memcmp.getArgument([0, 1]) ) } } @@ -67,8 +55,8 @@ from where not isExcluded(memcmp, EssentialTypesPackage::memcmpUsedToCompareNullTerminatedStringsQuery()) and memcmp.getTarget().hasGlobalOrStdName("memcmp") and - arg1.getNode().asExpr() = memcmp.getArgument(0) and - arg2.getNode().asExpr() = memcmp.getArgument(1) and + arg1.getNode().asIndirectExpr(1) = memcmp.getArgument(0) and + arg2.getNode().asIndirectExpr(1) = memcmp.getArgument(1) and // There is a path from a null-terminated string to each argument NullTerminatedStringToMemcmpFlow::flowPath(source1, arg1) and NullTerminatedStringToMemcmpFlow::flowPath(source2, arg2) and diff --git a/c/misra/src/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.ql b/c/misra/src/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.ql index 1da495ca28..44bc22620d 100644 --- a/c/misra/src/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.ql +++ b/c/misra/src/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.ql @@ -15,7 +15,7 @@ import cpp import codingstandards.c.misra import codingstandards.cpp.ReadErrorsAndEOF -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /** * The getchar() return value propagates directly to a check against EOF macro diff --git a/c/misra/test/rules/RULE-13-2/UnsequencedAtomicReads.expected b/c/misra/test/rules/RULE-13-2/UnsequencedAtomicReads.expected index 4fa06eb069..0b8d5daca8 100644 --- a/c/misra/test/rules/RULE-13-2/UnsequencedAtomicReads.expected +++ b/c/misra/test/rules/RULE-13-2/UnsequencedAtomicReads.expected @@ -1,5 +1,2 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UnsequencedAtomicReads.ql:112,31-39) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UnsequencedAtomicReads.ql:112,67-75) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (UnsequencedAtomicReads.ql:112,5-18) | test.c:44:12:44:18 | ... + ... | Atomic variable $@ has a $@ that is unsequenced with $@. | test.c:42:15:42:16 | a1 | a1 | test.c:44:12:44:13 | a1 | previous read | test.c:44:17:44:18 | a1 | another read | | test.c:46:3:46:37 | ... + ... | Atomic variable $@ has a $@ that is unsequenced with $@. | test.c:42:15:42:16 | a1 | a1 | test.c:46:16:46:17 | a1 | previous read | test.c:46:35:46:36 | a1 | another read | diff --git a/c/misra/test/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.expected b/c/misra/test/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.expected index 5ae49919a9..7fbb4e322a 100644 --- a/c/misra/test/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.expected +++ b/c/misra/test/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.expected @@ -1,38 +1,62 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (MemcmpUsedToCompareNullTerminatedStrings.ql:23,54-62) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (MemcmpUsedToCompareNullTerminatedStrings.ql:24,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (MemcmpUsedToCompareNullTerminatedStrings.ql:50,20-28) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (MemcmpUsedToCompareNullTerminatedStrings.ql:58,43-56) edges -| test.c:12:13:12:15 | a | test.c:14:10:14:10 | a | provenance | | -| test.c:12:13:12:15 | a | test.c:23:13:23:13 | a | provenance | | -| test.c:12:13:12:15 | a | test.c:24:10:24:10 | a | provenance | | -| test.c:13:13:13:15 | b | test.c:14:13:14:13 | b | provenance | | -| test.c:18:15:18:28 | {...} | test.c:21:10:21:10 | e | provenance | | -| test.c:19:15:19:28 | {...} | test.c:21:13:21:13 | f | provenance | | +| test.c:6:6:6:6 | *c | test.c:6:15:6:17 | 97 | provenance | | +| test.c:6:6:6:6 | *c | test.c:16:10:16:10 | *c | provenance | | +| test.c:6:6:6:6 | *c | test.c:26:13:26:13 | *c | provenance | | +| test.c:6:6:6:6 | *c | test.c:27:10:27:10 | *c | provenance | | +| test.c:6:14:6:26 | {...} | test.c:6:6:6:6 | *c | provenance | | +| test.c:6:15:6:17 | 97 | test.c:6:20:6:22 | 98 | provenance | | +| test.c:6:20:6:22 | 98 | test.c:6:25:6:25 | {...} | provenance | | +| test.c:6:25:6:25 | {...} | test.c:6:14:6:26 | {...} | provenance | | +| test.c:7:6:7:6 | *d | test.c:7:15:7:17 | 97 | provenance | | +| test.c:7:6:7:6 | *d | test.c:16:13:16:13 | *d | provenance | | +| test.c:7:14:7:26 | {...} | test.c:7:6:7:6 | *d | provenance | | +| test.c:7:15:7:17 | 97 | test.c:7:20:7:22 | 98 | provenance | | +| test.c:7:20:7:22 | 98 | test.c:7:25:7:25 | {...} | provenance | | +| test.c:7:25:7:25 | {...} | test.c:7:14:7:26 | {...} | provenance | | +| test.c:12:13:12:15 | *a | test.c:14:10:14:10 | *a | provenance | DataFlowFunction | +| test.c:12:13:12:15 | *a | test.c:23:13:23:13 | *a | provenance | DataFlowFunction | +| test.c:12:13:12:15 | *a | test.c:24:10:24:10 | *a | provenance | DataFlowFunction | +| test.c:13:13:13:15 | *b | test.c:14:13:14:13 | *b | provenance | DataFlowFunction | +| test.c:18:15:18:28 | {...} | test.c:21:10:21:10 | *e | provenance | | +| test.c:18:27:18:27 | {...} | test.c:18:15:18:28 | {...} | provenance | | +| test.c:19:15:19:28 | {...} | test.c:21:13:21:13 | *f | provenance | | +| test.c:19:27:19:27 | {...} | test.c:19:15:19:28 | {...} | provenance | | nodes -| test.c:10:10:10:12 | a | semmle.label | a | -| test.c:10:15:10:17 | b | semmle.label | b | -| test.c:12:13:12:15 | a | semmle.label | a | -| test.c:13:13:13:15 | b | semmle.label | b | -| test.c:14:10:14:10 | a | semmle.label | a | -| test.c:14:13:14:13 | b | semmle.label | b | -| test.c:16:10:16:10 | c | semmle.label | c | -| test.c:16:13:16:13 | d | semmle.label | d | +| test.c:6:6:6:6 | *c | semmle.label | *c | +| test.c:6:14:6:26 | {...} | semmle.label | {...} | +| test.c:6:15:6:17 | 97 | semmle.label | 97 | +| test.c:6:20:6:22 | 98 | semmle.label | 98 | +| test.c:6:25:6:25 | {...} | semmle.label | {...} | +| test.c:7:6:7:6 | *d | semmle.label | *d | +| test.c:7:14:7:26 | {...} | semmle.label | {...} | +| test.c:7:15:7:17 | 97 | semmle.label | 97 | +| test.c:7:20:7:22 | 98 | semmle.label | 98 | +| test.c:7:25:7:25 | {...} | semmle.label | {...} | +| test.c:10:10:10:12 | *a | semmle.label | *a | +| test.c:10:15:10:17 | *b | semmle.label | *b | +| test.c:12:13:12:15 | *a | semmle.label | *a | +| test.c:13:13:13:15 | *b | semmle.label | *b | +| test.c:14:10:14:10 | *a | semmle.label | *a | +| test.c:14:13:14:13 | *b | semmle.label | *b | +| test.c:16:10:16:10 | *c | semmle.label | *c | +| test.c:16:13:16:13 | *d | semmle.label | *d | | test.c:18:15:18:28 | {...} | semmle.label | {...} | +| test.c:18:27:18:27 | {...} | semmle.label | {...} | | test.c:19:15:19:28 | {...} | semmle.label | {...} | -| test.c:21:10:21:10 | e | semmle.label | e | -| test.c:21:13:21:13 | f | semmle.label | f | -| test.c:23:13:23:13 | a | semmle.label | a | -| test.c:24:10:24:10 | a | semmle.label | a | -| test.c:26:13:26:13 | c | semmle.label | c | -| test.c:27:10:27:10 | c | semmle.label | c | +| test.c:19:27:19:27 | {...} | semmle.label | {...} | +| test.c:21:10:21:10 | *e | semmle.label | *e | +| test.c:21:13:21:13 | *f | semmle.label | *f | +| test.c:23:13:23:13 | *a | semmle.label | *a | +| test.c:24:10:24:10 | *a | semmle.label | *a | +| test.c:26:13:26:13 | *c | semmle.label | *c | +| test.c:27:10:27:10 | *c | semmle.label | *c | subpaths #select -| test.c:10:3:10:8 | call to memcmp | test.c:10:10:10:12 | a | test.c:10:10:10:12 | a | memcmp used to compare $@ with $@. | test.c:10:10:10:12 | a | null-terminated string | test.c:10:15:10:17 | b | null-terminated string | -| test.c:10:3:10:8 | call to memcmp | test.c:10:15:10:17 | b | test.c:10:15:10:17 | b | memcmp used to compare $@ with $@. | test.c:10:10:10:12 | a | null-terminated string | test.c:10:15:10:17 | b | null-terminated string | -| test.c:14:3:14:8 | call to memcmp | test.c:12:13:12:15 | a | test.c:14:10:14:10 | a | memcmp used to compare $@ with $@. | test.c:12:13:12:15 | a | null-terminated string | test.c:13:13:13:15 | b | null-terminated string | -| test.c:14:3:14:8 | call to memcmp | test.c:13:13:13:15 | b | test.c:14:13:14:13 | b | memcmp used to compare $@ with $@. | test.c:12:13:12:15 | a | null-terminated string | test.c:13:13:13:15 | b | null-terminated string | -| test.c:16:3:16:8 | call to memcmp | test.c:16:10:16:10 | c | test.c:16:10:16:10 | c | memcmp used to compare $@ with $@. | test.c:16:10:16:10 | c | null-terminated string | test.c:16:13:16:13 | d | null-terminated string | -| test.c:16:3:16:8 | call to memcmp | test.c:16:13:16:13 | d | test.c:16:13:16:13 | d | memcmp used to compare $@ with $@. | test.c:16:10:16:10 | c | null-terminated string | test.c:16:13:16:13 | d | null-terminated string | -| test.c:21:3:21:8 | call to memcmp | test.c:18:15:18:28 | {...} | test.c:21:10:21:10 | e | memcmp used to compare $@ with $@. | test.c:18:15:18:28 | {...} | null-terminated string | test.c:19:15:19:28 | {...} | null-terminated string | -| test.c:21:3:21:8 | call to memcmp | test.c:19:15:19:28 | {...} | test.c:21:13:21:13 | f | memcmp used to compare $@ with $@. | test.c:18:15:18:28 | {...} | null-terminated string | test.c:19:15:19:28 | {...} | null-terminated string | +| test.c:10:3:10:8 | call to memcmp | test.c:10:10:10:12 | *a | test.c:10:10:10:12 | *a | memcmp used to compare $@ with $@. | test.c:10:10:10:12 | *a | null-terminated string | test.c:10:15:10:17 | *b | null-terminated string | +| test.c:10:3:10:8 | call to memcmp | test.c:10:15:10:17 | *b | test.c:10:15:10:17 | *b | memcmp used to compare $@ with $@. | test.c:10:10:10:12 | *a | null-terminated string | test.c:10:15:10:17 | *b | null-terminated string | +| test.c:14:3:14:8 | call to memcmp | test.c:12:13:12:15 | *a | test.c:14:10:14:10 | *a | memcmp used to compare $@ with $@. | test.c:12:13:12:15 | *a | null-terminated string | test.c:13:13:13:15 | *b | null-terminated string | +| test.c:14:3:14:8 | call to memcmp | test.c:13:13:13:15 | *b | test.c:14:13:14:13 | *b | memcmp used to compare $@ with $@. | test.c:12:13:12:15 | *a | null-terminated string | test.c:13:13:13:15 | *b | null-terminated string | +| test.c:16:3:16:8 | call to memcmp | test.c:6:25:6:25 | {...} | test.c:16:10:16:10 | *c | memcmp used to compare $@ with $@. | test.c:6:25:6:25 | {...} | null-terminated string | test.c:7:25:7:25 | {...} | null-terminated string | +| test.c:16:3:16:8 | call to memcmp | test.c:7:25:7:25 | {...} | test.c:16:13:16:13 | *d | memcmp used to compare $@ with $@. | test.c:6:25:6:25 | {...} | null-terminated string | test.c:7:25:7:25 | {...} | null-terminated string | +| test.c:21:3:21:8 | call to memcmp | test.c:18:27:18:27 | {...} | test.c:21:10:21:10 | *e | memcmp used to compare $@ with $@. | test.c:18:27:18:27 | {...} | null-terminated string | test.c:19:27:19:27 | {...} | null-terminated string | +| test.c:21:3:21:8 | call to memcmp | test.c:19:27:19:27 | {...} | test.c:21:13:21:13 | *f | memcmp used to compare $@ with $@. | test.c:18:27:18:27 | {...} | null-terminated string | test.c:19:27:19:27 | {...} | null-terminated string | diff --git a/c/misra/test/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.expected b/c/misra/test/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.expected index 210a3a9218..709d8b002c 100644 --- a/c/misra/test/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.expected +++ b/c/misra/test/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.expected @@ -1,10 +1,2 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (EofShallBeComparedWithUnmodifiedReturnValues.ql:24,28-36) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (EofShallBeComparedWithUnmodifiedReturnValues.ql:25,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (EofShallBeComparedWithUnmodifiedReturnValues.ql:29,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (EofShallBeComparedWithUnmodifiedReturnValues.ql:38,23-31) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (EofShallBeComparedWithUnmodifiedReturnValues.ql:43,17-25) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (EofShallBeComparedWithUnmodifiedReturnValues.ql:52,5-13) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (EofShallBeComparedWithUnmodifiedReturnValues.ql:60,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (EofShallBeComparedWithUnmodifiedReturnValues.ql:60,46-54) | test.c:6:7:6:20 | ... != ... | The check is not reliable as the type of the return value of $@ is converted. | test.c:5:14:5:20 | call to getchar | call to getchar | | test.c:13:7:13:15 | ... != ... | The check is not reliable as the type of the return value of $@ is converted. | test.c:12:14:12:20 | call to getchar | call to getchar | diff --git a/cpp/autosar/src/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.ql b/cpp/autosar/src/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.ql index 4593065e01..88ac1a7856 100644 --- a/cpp/autosar/src/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.ql +++ b/cpp/autosar/src/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.ql @@ -14,7 +14,7 @@ */ import cpp -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import codingstandards.cpp.autosar import codingstandards.cpp.UserDefinedLiteral as udl import codingstandards.cpp.SideEffect diff --git a/cpp/autosar/src/rules/A13-2-1/AssignmentOperatorReturnThis.ql b/cpp/autosar/src/rules/A13-2-1/AssignmentOperatorReturnThis.ql index 4e6b7d6f0c..c7583373c3 100644 --- a/cpp/autosar/src/rules/A13-2-1/AssignmentOperatorReturnThis.ql +++ b/cpp/autosar/src/rules/A13-2-1/AssignmentOperatorReturnThis.ql @@ -16,7 +16,7 @@ import cpp import codingstandards.cpp.autosar import codingstandards.cpp.Operator -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow predicate returnsThisPointer(UserAssignmentOperator o) { exists(PointerDereferenceExpr p, ThisExpr t, ReturnStmt r | diff --git a/cpp/autosar/src/rules/A15-1-3/ThrownExceptionsShouldBeUnique.ql b/cpp/autosar/src/rules/A15-1-3/ThrownExceptionsShouldBeUnique.ql index 97e9133a7a..abcd503670 100644 --- a/cpp/autosar/src/rules/A15-1-3/ThrownExceptionsShouldBeUnique.ql +++ b/cpp/autosar/src/rules/A15-1-3/ThrownExceptionsShouldBeUnique.ql @@ -16,7 +16,7 @@ import cpp import codingstandards.cpp.autosar import codingstandards.cpp.exceptions.ExceptionFlow -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import semmle.code.cpp.valuenumbering.HashCons /** Find a value which defines the exception thrown by the `DirectThrowExpr`, if any. */ diff --git a/cpp/autosar/test/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.expected b/cpp/autosar/test/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.expected index 5d1d6022b5..53dc884023 100644 --- a/cpp/autosar/test/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.expected +++ b/cpp/autosar/test/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.expected @@ -1,4 +1 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.ql:27,33-41) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.ql:28,5-13) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.ql:27,7-20) | test.cpp:47:8:47:23 | operator ""_uds5 | User defined literal operator returns $@, which is not converted from a passed parameter | test.cpp:48:10:48:12 | 0.0 | expression | diff --git a/cpp/autosar/test/rules/A13-2-1/AssignmentOperatorReturnThis.expected b/cpp/autosar/test/rules/A13-2-1/AssignmentOperatorReturnThis.expected index 9c0d50ca86..e9929173b0 100644 --- a/cpp/autosar/test/rules/A13-2-1/AssignmentOperatorReturnThis.expected +++ b/cpp/autosar/test/rules/A13-2-1/AssignmentOperatorReturnThis.expected @@ -1,4 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AssignmentOperatorReturnThis.ql:25,5-13) | test.cpp:10:12:10:20 | operator= | User-defined assignment operator $@ does not return *this | test.cpp:10:12:10:20 | operator= | user defined assignment operator | | test.cpp:17:11:17:19 | operator= | User-defined assignment operator $@ does not return *this | test.cpp:17:11:17:19 | operator= | user defined assignment operator | | test.cpp:24:12:24:20 | operator= | User-defined assignment operator $@ does not return *this | test.cpp:24:12:24:20 | operator= | user defined assignment operator | diff --git a/cpp/autosar/test/rules/A15-1-3/ThrownExceptionsShouldBeUnique.expected b/cpp/autosar/test/rules/A15-1-3/ThrownExceptionsShouldBeUnique.expected index 5db0f83985..b085736659 100644 --- a/cpp/autosar/test/rules/A15-1-3/ThrownExceptionsShouldBeUnique.expected +++ b/cpp/autosar/test/rules/A15-1-3/ThrownExceptionsShouldBeUnique.expected @@ -1,4 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ThrownExceptionsShouldBeUnique.ql:24,3-11) | test.cpp:6:5:6:26 | throw ... | The $@ thrown here is a possible duplicate of the $@ thrown $@. | test.cpp:6:5:6:26 | call to exception | std::exception exception | test.cpp:14:5:14:26 | call to exception | exception | test.cpp:14:5:14:26 | throw ... | here | | test.cpp:8:5:8:53 | throw ... | The $@ thrown here is a possible duplicate of the $@ thrown $@. | test.cpp:8:5:8:53 | call to runtime_error | std::runtime_error exception | test.cpp:16:5:16:53 | call to runtime_error | exception | test.cpp:16:5:16:53 | throw ... | here | | test.cpp:14:5:14:26 | throw ... | The $@ thrown here is a possible duplicate of the $@ thrown $@. | test.cpp:14:5:14:26 | call to exception | std::exception exception | test.cpp:6:5:6:26 | call to exception | exception | test.cpp:6:5:6:26 | throw ... | here |