CodeQL library for C/C++
codeql/cpp-all 0.13.1 (changelog, source)
Search

Predicate postUpdateFlow

Holds if there is def-use or use-use flow from pun to nodeTo.

Note: This is more complex than it sounds. Consider a call such as:

write_first_argument(x, x);
sink(x);

Assume flow comes out of the first argument to write_first_argument. We don’t want flow to go to the x that’s also an argument to write_first_argument (because we just flowed out of that function, and we don’t want to flow back into it again).

We do, however, want flow from the output argument to x on the next line, and similarly we want flow from the second argument of write_first_argument to x on the next line.

Import path

import semmle.code.cpp.ir.dataflow.internal.SsaInternals
predicate postUpdateFlow(PostUpdateNode pun, Node nodeTo)