CodeQL library for C/C++
codeql/cpp-all 2.1.1-dev (changelog, source)

Module StackAddress

Provides utilities for determining which expressions contain stack addresses.

Import path

import semmle.code.cpp.dataflow.StackAddress

Imports

SSA

Provides classes and predicates for SSA representation (Static Single Assignment form).

cpp

Provides classes and predicates for working with C/C++ code.

Predicates

constructorMightRunOnStack

Helper predicate for memberFcnMightRunOnStack. Function calls to constructors need to be treated as a special case, because call.getQualifier() is empty. Instead, we need to check whether the constructor is called from an initializer. There are several kinds of initializers to consider.

isReferenceVariable

The type of the variable is a reference type, such as int&.

memberFcnMightRunOnStack

Holds if this member function might be called on an object which is allocated on the stack.

pointerParamFlowsToDef

Helper predicate for stackPointerFlowsToUse. Tracks the flow of stack addresses which arrived through one of the function’s parameters. This predicate is very similar to stackPointerFlowsToDef but they cannot be merged, because we cannot identify a sensible source expression here.

referenceParamFlowsToDef

Helper predicate for stackPointerFlowsToUse. Tracks the flow of stack addresses which arrived through one of the function’s parameters. This predicate is very similar to stackPointerFlowsToDef but they cannot be merged, because we cannot identify a sensible source expression here.

stackPointerFlowsToDef

Helper predicate for stackPointerFlowsToUse. Tracks the flow of stack addresses through SSA definitions.

stackPointerFlowsToUse

A stack address flows to use. The simplest case is when use is the expression &var, but assignments are also handled. For example:

stackReferenceFlowsToDef

Helper predicate for stackPointerFlowsToUse. Tracks the flow of stack references through SSA definitions. This predicate is almost identical to stackPointerFlowsToDef, except it handles reference types, such as int&, rather than pointers.

stackReferenceFlowsToDef_Impl

stackReferenceFlowsToDef delegates most of the work to this predicate.

stackReferenceFlowsToUse

Holds if use has type useType and source is an access to a stack variable that flows to use. isLocal is true if use is accessed via a parameter, and false otherwise.
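The predicates above describe a flow analysis rather than show one. The following C++ program is an added illustration (not code from the CodeQL library or from this module) that models the same idea on a toy straight-line IR: an address-of expression on a local is the source (as in stackPointerFlowsToDef), a value arriving through a pointer parameter is tracked but flagged separately because its source lies in some caller's frame (as in pointerParamFlowsToDef), assignments propagate the fact (the "assignments are also handled" case of stackPointerFlowsToUse), and a redefinition with a non-stack value kills it, which is what a per-definition (SSA) formulation gives you for free. The IR, the operation names and the sample functions are all constructed for this example.

```cpp
#include <cstdio>
#include <map>
#include <string>
#include <vector>

// Toy straight-line IR. Each statement defines at most one variable, so a
// map from name to its most recent definition behaves like SSA for this code.
enum class Op {
    AddrOf,   // dst = &src      (src is a local stack variable)
    Copy,     // dst = src       (plain assignment between pointer variables)
    Param,    // dst = src       (src names a pointer parameter of the function)
    Extern,   // dst = <non-stack value>, e.g. heap allocation or a global
    Return    // return src      (the "use" we report on)
};

struct Stmt {
    Op op;
    std::string dst;
    std::string src;
};

// What the analysis knows about the value currently held by a pointer variable.
struct Origin {
    std::string source;   // local stack variable (AddrOf) or parameter name (Param)
    bool viaParam;        // true when the address arrived through a parameter
};

struct Finding {
    std::string use;      // variable whose value reaches the return
    std::string source;   // stack variable or parameter it traces back to
    bool viaParam;        // consumer decides: a caller's address is usually fine
};

// Reports every `return v` whose value can be traced back to a stack address.
std::vector<Finding> returnedStackAddresses(const std::vector<Stmt>& fn) {
    std::map<std::string, Origin> holds;   // pointer variable -> origin of its value
    std::vector<Finding> out;
    for (const Stmt& s : fn) {
        switch (s.op) {
        case Op::AddrOf:
            holds[s.dst] = Origin{s.src, false};     // the source expression &src
            break;
        case Op::Param:
            holds[s.dst] = Origin{s.src, true};      // no local source expression
            break;
        case Op::Copy: {
            auto it = holds.find(s.src);
            if (it != holds.end()) holds[s.dst] = it->second;   // propagate the fact
            else holds.erase(s.dst);                             // redefinition kills it
            break;
        }
        case Op::Extern:
            holds.erase(s.dst);                      // non-stack value: fact is gone
            break;
        case Op::Return: {
            auto it = holds.find(s.src);
            if (it != holds.end())
                out.push_back(Finding{s.src, it->second.source, it->second.viaParam});
            break;
        }
        }
    }
    return out;
}

// Constructed samples. The first mirrors the documented shape
// `int x; int* p = &x; ... use(p);` with one extra assignment in between.
const std::vector<Stmt> kLeakViaCopy = {
    {Op::AddrOf, "p", "x"},
    {Op::Copy,   "q", "p"},
    {Op::Return, "",  "q"},
};
const std::vector<Stmt> kKilledByHeap = {   // p is redefined before the use
    {Op::AddrOf, "p", "x"},
    {Op::Extern, "p", ""},
    {Op::Return, "",  "p"},
};
const std::vector<Stmt> kViaParam = {       // address came from the caller
    {Op::Param,  "p", "arg"},
    {Op::Return, "",  "p"},
};

int main() {
    for (const Finding& f : returnedStackAddresses(kLeakViaCopy))
        std::printf("return %s traces to %s (viaParam=%d)\n",
                    f.use.c_str(), f.source.c_str(), (int)f.viaParam);
    return 0;
}
```

The point of keeping `viaParam` as a flag rather than dropping parameter-derived flows is the same one the module makes: the flow is real and worth tracking, but there is no local source expression to blame, so the decision of whether a return of that address is a defect belongs to the query that consumes the fact, not to the flow tracking itself.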