Skip to content

C++: Use the IR for cpp/return-stack-allocated-memory. #7682

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MathiasVP merged 2 commits into from
Jan 21, 2022
Merged

C++: Use the IR for cpp/return-stack-allocated-memory. #7682

MathiasVP merged 2 commits into from
Jan 21, 2022

Conversation

@MathiasVP
Copy link
Contributor

@MathiasVP MathiasVP commented Jan 20, 2022

This query is a perfect query for the IR. Without really thinking too hard about it I was able to remove all the false positives from our tests for this query 🎉.

I changed the behavior of the query to not report 'may' flow, but only 'must' flow. This removes the possibility of FPs from complex path conditions which we cannot reason about.

This has no influence on Samate since Samate has a very low number of tests for this CWE. It does find a bunch of good results on LGTM, though (I've provided a link in the internal issue).

@MathiasVP MathiasVP added the C++ label Jan 20, 2022
@MathiasVP MathiasVP requested a review from a team as a code owner January 20, 2022 17:38
@MathiasVP MathiasVP changed the title C++: Use the IR for 'cpp/return-stack-allocated-memory'. C++: Use the IR for cpp/return-stack-allocated-memory. Jan 20, 2022
@MathiasVP MathiasVP force-pushed the rewrite-return-stack-allocated-memory-to-use-ir branch from acce720 to e689f6b Compare January 20, 2022 18:23
geoffw0
geoffw0 approved these changes Jan 21, 2022
View reviewed changes
Copy link
Contributor

@geoffw0 geoffw0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm a bit sad that so much query code is needed that feels like it should be done by a library. But the results on tests are very impressive, the upgrade to a path-problem is progress, and real world results I've looked at LGTM. 👍

@MathiasVP
Copy link
Contributor Author

MathiasVP commented Jan 21, 2022

I'm a bit sad that so much query code is needed that feels like it should be done by a library.

Yeah, most of the code is really because I re-invented the 'must flow' library like I did in #4644. I think we can pull some shared parts out into a "intraprocedural must flow" library in the future, which should hopefully cut most of this code away.

@geoffw0
Copy link
Contributor

geoffw0 commented Jan 21, 2022

I think we can pull some shared parts out into a "intraprocedural must flow" library in the future, which should hopefully cut most of this code away.

Sounds good, and I agree this should be done outside of this PR.

@MathiasVP MathiasVP merged commit 117795c into github:main Jan 21, 2022
This was referenced Jan 21, 2022
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@geoffw0 geoffw0 geoffw0 approved these changes

Assignees

No one assigned

Labels

C++ documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MathiasVP @geoffw0