CodeQL library for C/C++
codeql/cpp-all 3.0.1-dev (changelog, source)
Search

Module Overflow

Provides predicates for reasoning about when the value of an expression is guarded by an operation such as <, which confines its range.

Import path

import semmle.code.cpp.security.Overflow

Imports

Dominance

Provides dominance predicates for control-flow nodes.

Guards

Provides classes and predicates for reasoning about guards and the control flow elements controlled by those guards.

RangeAnalysisUtils
SimpleRangeAnalysis

Simple range analysis library. Range analysis is usually done as an abstract interpretation over the lattice of range values. (A range is a pair, containing a lower and upper bound for the value.) The problem with this approach is that the lattice is very tall, which means it can take an extremely large number of iterations to find the least fixed point. This example illustrates the problem:

cpp

Provides classes and predicates for working with C/C++ code.

Predicates

guardedAbs

Holds if the value of use is guarded using abs.

guardedGreater

Holds if the value of use is guarded to be greater than something, and e is in code controlled by that guard (where the guard condition held).

guardedLesser

Holds if the value of use is guarded to be less than something, and e is in code controlled by that guard (where the guard condition held).

missingGuardAgainstOverflow

Holds if e potentially overflows and use is an operand of e that is not guarded.

missingGuardAgainstUnderflow

Holds if e potentially underflows and use is an operand of e that is not guarded.

varUse

Gets a use of a given variable v.