C++: Add more barriers to cpp/tainted-arithmetic
#6125
Conversation
… and use it in 'cpp/tainted-arithmetic'.
|
LGTM, subject to resolving conflicts with #6120 after it is merged.
With 1 byte types are people just being more careful and deliberate about overflow? I'm surprised the cases in |
Good point! I took another look at the results, and it turns out that the |
|
This PR doesn't need a change-note as the change-note added in #5667 also perfectly covers the changes made in PR. 🎉 |
Conflicts have been resolved. I've also rebumped the internal PR's submodule. |
|
The tests on this PR, and the internal one, are green now @geoffw0. |
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
This PR does two things:
cpp/tainted-arithmeticto apath-problemquery. This is mostly to help investigate results on LGTM. It seems like a good fit for this query anyway.boundedpredicate (which was introduced in C++: Add more sanitizers tocpp/uncontrolled-arithmetic#5887 forcpp/uncontrolled-arithmetic) in a separate QL file so that it can also be used bycpp/tainted-arithmetic.We should also be able to use it in
cpp/uncontrolled-allocation-sizeonce #6120 is merged (which this PR currently conflicts with).In addition, as this query is kinda noisy I've added another barrier to block flow out of "small integer" types.
Since it's difficult to do an LGTM difference run I've just manually compared the "before state" with the "after state".
Before: https://lgtm.com/query/519140448821761310/
After: https://lgtm.com/query/2136072651063415759/
The only real noticeable difference is that we remove all the FPs on
mldbai/giflibandadriweb/tivars_lib_cpp. These results are in fact removed by thee.getUnspecifiedType().(IntegralType).getSize() <= 1barrier.The two test failures are caused by the conversion to
path-problemin the internal testcases. I've fixed them in a PR in the internal repo that should be merged with this PR.