CodeQL library for C/C++
codeql/cpp-all 2.0.2 (changelog, source)
Index
Search

Member predicate TypeTracking::TypeTracker::smallstep

Gets the summary that corresponds to having taken a forwards local, heap and/or inter-procedural step from nodeFrom to nodeTo.

Unlike TypeTracker::step, this predicate exposes all edges in the flow graph, and not just the edges between Nodes. It may therefore be less performant.

Type tracking predicates using small steps typically take the following form:

Node myType(TypeTracker tt) {
  tt.start() and
  result = < source of myType >
  or
  exists(TypeTracker tt2 |
    tt = tt2.smallstep(myType(tt2), result)
  )
}

Node myType() {
  result = myType(TypeTracker::end())
}
TypeTracker smallstep(Node nodeFrom, Node nodeTo)