Merge pull request #2851 from jbj/ir-enable-only

C++: Use IR for security.TaintTracking and GVN

Author: rdmarsh2

cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll

@@ -303,10 +303,12 @@ ParameterNode parameterNode(Parameter p) { result.getParameter() = p }
 VariableNode variableNode(Variable v) { result.getVariable() = v }
 
 /**
+ * DEPRECATED: See UninitializedNode.
+ *
  * Gets the `Node` corresponding to the value of an uninitialized local
  * variable `v`.
  */
-UninitializedNode uninitializedNode(LocalVariable v) { result.getLocalVariable() = v }
+Node uninitializedNode(LocalVariable v) { none() }
 
 /**
  * Holds if data flows from `nodeFrom` to `nodeTo` in exactly one local

cpp/ql/src/semmle/code/cpp/security/TaintTracking.qll

@@ -2,4 +2,4 @@
  * Support for tracking tainted data through the program.
  */
 
-import TaintTrackingImpl
+import semmle.code.cpp.ir.dataflow.DefaultTaintTracking

cpp/ql/src/semmle/code/cpp/valuenumbering/GlobalValueNumbering.qll

@@ -1 +1 @@
-import GlobalValueNumberingImpl
+import semmle.code.cpp.ir.internal.ASTValueNumbering

cpp/ql/test/library-tests/dataflow/security-taint/tainted.expected

@@ -15,39 +15,27 @@
 | test.cpp:38:23:38:28 | call to getenv | test.cpp:38:23:38:28 | call to getenv |  |
 | test.cpp:38:23:38:28 | call to getenv | test.cpp:38:23:38:40 | (const char *)... |  |
 | test.cpp:38:23:38:28 | call to getenv | test.cpp:40:14:40:19 | envStr |  |
-| test.cpp:49:23:49:28 | call to getenv | test.cpp:8:24:8:25 | s1 | envStrGlobal |
+| test.cpp:49:23:49:28 | call to getenv | test.cpp:8:24:8:25 | s1 |  |
 | test.cpp:49:23:49:28 | call to getenv | test.cpp:45:13:45:24 | envStrGlobal |  |
-| test.cpp:49:23:49:28 | call to getenv | test.cpp:45:13:45:24 | envStrGlobal | envStrGlobal |
 | test.cpp:49:23:49:28 | call to getenv | test.cpp:49:14:49:19 | envStr |  |
 | test.cpp:49:23:49:28 | call to getenv | test.cpp:49:23:49:28 | call to getenv |  |
 | test.cpp:49:23:49:28 | call to getenv | test.cpp:49:23:49:40 | (const char *)... |  |
-| test.cpp:49:23:49:28 | call to getenv | test.cpp:50:15:50:24 | envStr_ptr |  |
-| test.cpp:49:23:49:28 | call to getenv | test.cpp:50:15:50:24 | envStr_ptr | envStrGlobal |
-| test.cpp:49:23:49:28 | call to getenv | test.cpp:50:28:50:40 | & ... | envStrGlobal |
-| test.cpp:49:23:49:28 | call to getenv | test.cpp:50:29:50:40 | envStrGlobal | envStrGlobal |
-| test.cpp:49:23:49:28 | call to getenv | test.cpp:52:2:52:12 | * ... |  |
-| test.cpp:49:23:49:28 | call to getenv | test.cpp:52:3:52:12 | envStr_ptr |  |
 | test.cpp:49:23:49:28 | call to getenv | test.cpp:52:16:52:21 | envStr |  |
-| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:6:54:35 | ! ... | envStrGlobal |
-| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:7:54:12 | call to strcmp | envStrGlobal |
-| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:7:54:35 | (bool)... | envStrGlobal |
-| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:14:54:25 | envStrGlobal | envStrGlobal |
+| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:6:54:35 | ! ... |  |
+| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:7:54:12 | call to strcmp |  |
+| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:7:54:35 | (bool)... |  |
+| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:14:54:25 | envStrGlobal |  |
 | test.cpp:60:29:60:34 | call to getenv | test.cpp:10:27:10:27 | s |  |
 | test.cpp:60:29:60:34 | call to getenv | test.cpp:60:18:60:25 | userName |  |
 | test.cpp:60:29:60:34 | call to getenv | test.cpp:60:29:60:34 | call to getenv |  |
 | test.cpp:60:29:60:34 | call to getenv | test.cpp:60:29:60:47 | (const char *)... |  |
 | test.cpp:60:29:60:34 | call to getenv | test.cpp:64:25:64:32 | userName |  |
-| test.cpp:68:28:68:33 | call to getenv | test.cpp:11:20:11:21 | s1 |  |
 | test.cpp:68:28:68:33 | call to getenv | test.cpp:11:36:11:37 | s2 |  |
-| test.cpp:68:28:68:33 | call to getenv | test.cpp:67:7:67:13 | copying |  |
 | test.cpp:68:28:68:33 | call to getenv | test.cpp:68:17:68:24 | userName |  |
 | test.cpp:68:28:68:33 | call to getenv | test.cpp:68:28:68:33 | call to getenv |  |
 | test.cpp:68:28:68:33 | call to getenv | test.cpp:68:28:68:46 | (const char *)... |  |
-| test.cpp:68:28:68:33 | call to getenv | test.cpp:69:10:69:13 | copy |  |
 | test.cpp:68:28:68:33 | call to getenv | test.cpp:70:5:70:10 | call to strcpy |  |
-| test.cpp:68:28:68:33 | call to getenv | test.cpp:70:12:70:15 | copy |  |
 | test.cpp:68:28:68:33 | call to getenv | test.cpp:70:18:70:25 | userName |  |
-| test.cpp:68:28:68:33 | call to getenv | test.cpp:71:12:71:15 | copy |  |
 | test.cpp:75:20:75:25 | call to getenv | test.cpp:15:22:15:25 | nptr |  |
 | test.cpp:75:20:75:25 | call to getenv | test.cpp:75:15:75:18 | call to atoi |  |
 | test.cpp:75:20:75:25 | call to getenv | test.cpp:75:20:75:25 | call to getenv |  |

cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.ql

@@ -1,4 +1,4 @@
-import semmle.code.cpp.security.TaintTracking as AST
+import semmle.code.cpp.security.TaintTrackingImpl as AST
 import semmle.code.cpp.ir.dataflow.DefaultTaintTracking as IR
 import cpp
 

cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/GlobalValueNumbering.expected

@@ -1,40 +1,42 @@
-| test.cpp:5:3:5:3 | x | 5:c3-c3 6:c3-c3 |
-| test.cpp:5:7:5:8 | p0 | 5:c7-c8 6:c7-c8 |
-| test.cpp:5:7:5:13 | ... + ... | 5:c7-c13 6:c7-c13 7:c7-c7 |
-| test.cpp:5:12:5:13 | p1 | 5:c12-c13 6:c12-c13 |
-| test.cpp:16:3:16:3 | x | 16:c3-c3 17:c3-c3 |
-| test.cpp:16:7:16:8 | p0 | 16:c7-c8 17:c7-c8 |
-| test.cpp:16:7:16:13 | ... + ... | 16:c7-c13 17:c7-c13 |
-| test.cpp:16:7:16:24 | ... + ... | 16:c7-c24 17:c7-c24 18:c7-c7 |
-| test.cpp:16:12:16:13 | p1 | 16:c12-c13 17:c12-c13 |
-| test.cpp:16:17:16:24 | global01 | 16:c17-c24 17:c17-c24 |
-| test.cpp:29:7:29:8 | p0 | 29:c7-c8 31:c7-c8 |
-| test.cpp:29:7:29:13 | ... + ... | 29:c7-c13 31:c7-c13 |
-| test.cpp:29:12:29:13 | p1 | 29:c12-c13 31:c12-c13 |
-| test.cpp:31:7:31:24 | ... + ... | 31:c7-c24 32:c7-c7 |
-| test.cpp:43:7:43:8 | p0 | 43:c7-c8 45:c7-c8 |
-| test.cpp:43:7:43:13 | ... + ... | 43:c7-c13 45:c7-c13 |
-| test.cpp:43:12:43:13 | p1 | 43:c12-c13 45:c12-c13 |
-| test.cpp:44:9:44:9 | 0 | 44:c9-c9 51:c25-c25 53:c18-c21 56:c39-c42 59:c17-c20 88:c12-c12 |
-| test.cpp:45:7:45:24 | ... + ... | 45:c7-c24 46:c7-c7 |
-| test.cpp:53:10:53:13 | (int)... | 53:c10-c13 56:c21-c24 |
-| test.cpp:53:10:53:13 | * ... | 53:c10-c13 56:c21-c24 |
-| test.cpp:53:11:53:13 | str | 53:c11-c13 56:c22-c24 |
-| test.cpp:53:18:53:21 | 0 | 53:c18-c21 56:c39-c42 59:c17-c20 |
-| test.cpp:56:13:56:16 | (int)... | 56:c13-c16 56:c31-c34 59:c9-c12 |
-| test.cpp:56:13:56:16 | * ... | 56:c13-c16 56:c31-c34 59:c9-c12 |
-| test.cpp:56:14:56:16 | ptr | 56:c14-c16 56:c32-c34 56:c47-c49 59:c10-c12 |
-| test.cpp:62:5:62:10 | result | 62:c5-c10 65:c10-c15 |
-| test.cpp:77:20:77:30 | (signed short)... | 77:c20-c30 79:c7-c7 |
-| test.cpp:79:11:79:14 | vals | 79:c11-c14 79:c24-c27 |
-| test.cpp:105:11:105:12 | (Base *)... | 105:c11-c12 106:c14-c35 107:c11-c12 |
-| test.cpp:105:11:105:12 | pd | 105:c11-c12 106:c33-c34 |
-| test.cpp:105:15:105:15 | b | 105:c15-c15 107:c15-c15 109:c10-c10 |
-| test.cpp:125:11:125:12 | pa | 125:c11-c12 126:c11-c12 128:c3-c4 129:c11-c12 |
-| test.cpp:125:15:125:15 | x | 125:c15-c15 126:c15-c15 128:c7-c7 |
-| test.cpp:136:11:136:18 | global_a | 136:c11-c18 137:c11-c18 139:c3-c10 |
-| test.cpp:136:21:136:21 | x | 136:c21-c21 137:c21-c21 139:c13-c13 |
-| test.cpp:144:11:144:12 | pa | 144:c11-c12 145:c11-c12 147:c3-c4 149:c11-c12 |
-| test.cpp:145:15:145:15 | y | 145:c15-c15 147:c7-c7 |
-| test.cpp:153:11:153:18 | global_a | 153:c11-c18 154:c11-c18 156:c3-c10 |
-| test.cpp:153:21:153:21 | x | 153:c21-c21 154:c21-c21 |
+| test.cpp:5:3:5:3 | GVN | 5:c3-c3 6:c3-c3 |
+| test.cpp:5:7:5:8 | GVN | 5:c7-c8 6:c7-c8 |
+| test.cpp:5:7:5:13 | GVN | 5:c7-c13 6:c7-c13 7:c7-c7 |
+| test.cpp:5:12:5:13 | GVN | 5:c12-c13 6:c12-c13 |
+| test.cpp:16:3:16:3 | GVN | 16:c3-c3 17:c3-c3 |
+| test.cpp:16:7:16:8 | GVN | 16:c7-c8 17:c7-c8 |
+| test.cpp:16:7:16:13 | GVN | 16:c7-c13 17:c7-c13 |
+| test.cpp:16:7:16:24 | GVN | 16:c7-c24 17:c7-c24 18:c7-c7 |
+| test.cpp:16:12:16:13 | GVN | 16:c12-c13 17:c12-c13 |
+| test.cpp:16:17:16:24 | GVN | 16:c17-c24 17:c17-c24 |
+| test.cpp:29:3:29:3 | GVN | 29:c3-c3 31:c3-c3 |
+| test.cpp:29:7:29:8 | GVN | 29:c7-c8 31:c7-c8 |
+| test.cpp:29:7:29:13 | GVN | 29:c7-c13 31:c7-c13 |
+| test.cpp:29:12:29:13 | GVN | 29:c12-c13 31:c12-c13 |
+| test.cpp:31:7:31:24 | GVN | 31:c7-c24 32:c7-c7 |
+| test.cpp:43:3:43:3 | GVN | 43:c3-c3 45:c3-c3 |
+| test.cpp:43:7:43:8 | GVN | 43:c7-c8 45:c7-c8 |
+| test.cpp:43:7:43:13 | GVN | 43:c7-c13 45:c7-c13 |
+| test.cpp:43:7:43:24 | GVN | 43:c7-c24 45:c7-c24 46:c7-c7 |
+| test.cpp:43:12:43:13 | GVN | 43:c12-c13 45:c12-c13 |
+| test.cpp:43:17:43:24 | GVN | 43:c17-c24 45:c17-c24 |
+| test.cpp:44:3:44:5 | GVN | 44:c3-c5 44:c4-c5 |
+| test.cpp:53:10:53:13 | GVN | 53:c10-c13 56:c21-c24 |
+| test.cpp:53:10:53:13 | GVN | 53:c10-c13 56:c21-c24 |
+| test.cpp:53:11:53:13 | GVN | 53:c11-c13 56:c22-c24 |
+| test.cpp:53:18:53:21 | GVN | 53:c18-c21 56:c39-c42 59:c17-c20 |
+| test.cpp:56:14:56:16 | GVN | 56:c14-c16 56:c32-c34 56:c47-c49 59:c10-c12 |
+| test.cpp:62:5:62:10 | GVN | 62:c5-c10 65:c10-c15 |
+| test.cpp:77:20:77:28 | GVN | 77:c20-c28 79:c7-c7 |
+| test.cpp:79:11:79:14 | GVN | 79:c11-c14 79:c24-c27 |
+| test.cpp:92:11:92:16 | GVN | 92:c11-c16 92:c15-c16 93:c10-c10 |
+| test.cpp:105:11:105:12 | GVN | 105:c11-c12 106:c33-c34 |
+| test.cpp:105:11:105:12 | GVN | 105:c11-c12 106:c33-c34 107:c11-c12 |
+| test.cpp:105:15:105:15 | GVN | 105:c15-c15 107:c15-c15 109:c10-c10 |
+| test.cpp:113:3:113:5 | GVN | 113:c3-c5 115:c3-c5 |
+| test.cpp:125:11:125:12 | GVN | 125:c11-c12 126:c11-c12 128:c3-c4 129:c11-c12 |
+| test.cpp:125:15:125:15 | GVN | 125:c15-c15 126:c15-c15 |
+| test.cpp:128:11:128:11 | GVN | 128:c11-c11 129:c15-c15 |
+| test.cpp:136:11:136:18 | GVN | 136:c11-c18 137:c11-c18 139:c3-c10 |
+| test.cpp:144:11:144:12 | GVN | 144:c11-c12 145:c11-c12 147:c3-c4 149:c11-c12 |
+| test.cpp:144:15:144:15 | GVN | 144:c15-c15 149:c15-c15 |
+| test.cpp:153:11:153:18 | GVN | 153:c11-c18 154:c11-c18 156:c3-c10 |

cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/Uniqueness.expected

@@ -0,0 +1,58 @@
+| test.cpp:5:3:5:13 | ... = ... |  |
+| test.cpp:6:3:6:13 | ... = ... |  |
+| test.cpp:7:3:7:7 | ... = ... |  |
+| test.cpp:10:16:10:16 | 1 |  |
+| test.cpp:16:3:16:24 | ... = ... |  |
+| test.cpp:17:3:17:24 | ... = ... |  |
+| test.cpp:18:3:18:7 | ... = ... |  |
+| test.cpp:21:16:21:16 | 2 |  |
+| test.cpp:29:3:29:24 | ... = ... |  |
+| test.cpp:30:3:30:17 | call to change_global02 |  |
+| test.cpp:31:3:31:24 | ... = ... |  |
+| test.cpp:32:3:32:7 | ... = ... |  |
+| test.cpp:35:16:35:16 | 3 |  |
+| test.cpp:43:3:43:24 | ... = ... |  |
+| test.cpp:44:3:44:9 | ... = ... |  |
+| test.cpp:45:3:45:24 | ... = ... |  |
+| test.cpp:46:3:46:7 | ... = ... |  |
+| test.cpp:51:25:51:25 | (unsigned int)... |  |
+| test.cpp:53:10:53:13 | (int)... |  |
+| test.cpp:53:10:53:13 | * ... | LoadTotalOverlap, Unary |
+| test.cpp:53:18:53:21 | (int)... |  |
+| test.cpp:55:5:55:15 | ... = ... |  |
+| test.cpp:56:12:56:25 | (...) |  |
+| test.cpp:56:12:56:43 | ... && ... |  |
+| test.cpp:56:13:56:16 | (int)... |  |
+| test.cpp:56:13:56:16 | * ... | Unary, Unique |
+| test.cpp:56:21:56:24 | (int)... |  |
+| test.cpp:56:21:56:24 | * ... | LoadTotalOverlap, Unary |
+| test.cpp:56:30:56:43 | (...) |  |
+| test.cpp:56:31:56:34 | (int)... |  |
+| test.cpp:56:31:56:34 | * ... | Unary, Unique |
+| test.cpp:56:39:56:42 | (int)... |  |
+| test.cpp:56:47:56:51 | ... ++ |  |
+| test.cpp:59:9:59:12 | (int)... |  |
+| test.cpp:59:9:59:12 | * ... | Unary, Unique |
+| test.cpp:59:17:59:20 | (int)... |  |
+| test.cpp:62:5:62:12 | ... ++ |  |
+| test.cpp:77:20:77:28 | call to getAValue | Unary, Unique |
+| test.cpp:77:20:77:30 | (signed short)... |  |
+| test.cpp:79:7:79:7 | (int)... |  |
+| test.cpp:79:7:79:7 | v | Unary, Unary |
+| test.cpp:79:11:79:20 | (int)... |  |
+| test.cpp:79:17:79:20 | val1 | LoadTotalOverlap, Unary |
+| test.cpp:79:24:79:33 | (int)... |  |
+| test.cpp:79:30:79:33 | val2 | LoadTotalOverlap, Unary |
+| test.cpp:80:5:80:19 | ... = ... |  |
+| test.cpp:80:9:80:17 | call to getAValue | Unary, Unique |
+| test.cpp:80:9:80:19 | (signed short)... |  |
+| test.cpp:88:3:88:20 | ... = ... |  |
+| test.cpp:88:12:88:12 | (void *)... |  |
+| test.cpp:105:11:105:12 | (Base *)... |  |
+| test.cpp:105:11:105:12 | pd | InheritanceConversion, InitializeParameter |
+| test.cpp:106:14:106:35 | static_cast<Base *>... |  |
+| test.cpp:106:33:106:34 | pd | InheritanceConversion, InitializeParameter |
+| test.cpp:128:3:128:11 | ... = ... |  |
+| test.cpp:139:3:139:24 | ... = ... |  |
+| test.cpp:147:3:147:18 | ... = ... |  |
+| test.cpp:156:3:156:17 | ... = ... |  |