C++: Don't infer lambda calls when there is a static dispatch #18618
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…urce or summary callable.
There was a problem hiding this comment.
Copilot reviewed 1 out of 1 changed files in this pull request and generated no comments.
Tip: Copilot only keeps its highest confidence comments to reduce noise and keep you focused. Learn more
aschackmull
approved these changes
Jan 29, 2025
|
Thanks for the quick review, Schack!
It's hard to write a test for this since it requires our container stubs to actually have a body (so that we could flow into the source for the summarized function via a lambda call) which they don't. So I think we have to accept this 🤷 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This gives us the missing result that we lost after the all the bugfixes in #18592
The alert changes are completely identical to the original PR. All these results are good changes. I'll paste that description here for reference:
Query result changes
cpp/path-injectionWe gain 1 new result on
cpp/path-injection. I've confirmed that this is because we now stay below the default field flow branch limit (i.e.,2) for flow out of this call to push_back. Before, we had out flow from both the MaD summary and the source code which resulted in going over the limit. But now we only have the MaD summary-proided out flow which keeps us below the threshold. So, unlike onmain, field flow is now permitted in the enclosing function.cpp/non-constant-formatWe lose 60 results on SAMATE for this query. They all appear to be false positives that happen because of the generous
isSourcein the query that makes us start flow at some random output parameter of a call todeletedeep inside the destructor of an iterator inside the libstdc++. Obviously, that's not what the query is supposed to be finding and I doubt that any of our queries will benefit from starting flow deep inside the implementation of a MaD summarized function.Query result tuple count changes
Other than the two changes to query results above, we also see some query result tuple count changes on the
cpp/uncontrolled-allocation-sizequery on Samate. Jeroen asked about those in the original PR, and the reason is identical here:The reduction in result tuples on Samate for
cpp/uncontrolled-allocation-sizehappens because we find lots of results where the sink is an allocation deep inside the implementation ofstd::vector. However, because that location is outside the source root the result is filtered away. So after excluding results outside the source root (i.e., the results that are actually surfaced in the alert view) there are 38 results before and after these changes.